The U.S. Secret Service issued a warning about an increase in attacks targeting managed service providers, or MSPs, both in the U.S. private sector and by various government entities.

According to a document released by ZDNet on June 7, threat players have relied extensively on ransomware attacks, point-of-sale intrusions, and scams compromising corporate email to compromise internal networks of MSP customers.

Over 1000 corporate systems infected with Monero mining malware

Remote management software under threat
MSPs are providers of services related to remote management software for businesses, including file sharing systems for internal networks, which could also be hosted within a cloud infrastructure.

Microsoft study indicates that Indonesia was highly affected by malware attacks
U.S. Secret Service officials issued a warning that states in part:

„Due to the fact that a single MSP can serve a large number of customers, cybercriminals specifically target these MSPs to carry out their attacks at scale to infect multiple companies through the same vector.“

Ransomware gangs target MSPs

In 2019, ransomware groups such as GandCrab and REvil became known for focusing on MSPs to deploy their attacks. The threat intelligence firm, Armor, reported that at least 13 MSPs were hacked in the same year.

Hackers block power company systems in Brazil and demand $7 million in Monero as ransom
This is the second warning from the US authorities about vulnerabilities related to MSP. The National Center for Cyber Security and Communications Integration, or NCCIC, also issued a warning on this subject in October 2018.

On May 27, Cointelegraph reported that the Blue Mockingbird malware band infected more than 1,000 commercial systems with Monero mining (XMR) malware.