Online criminals are increasingly targeting managed service providers in Australia because they hold the keys to the kingdom for their clients.
A report from the Australian Cyber Security Centre found the Australian arms of global managed service providers were being compromised in greater numbers.
The ACSC Threat Report 2017 said that MSPs were an increasingly attractive target for malicious adversaries due to their broad range of customers and access to their networks, as well as presenting further opportunities to exploit other networks.
The extent of the threat largely depends on how much access the provider has to customer networks and databases.
"When you enable other organisations access to your network, your network is exposed to their security posture – you are effectively increasing your own risk. And when you don’t know the risks associated with a connected network, it is much more difficult to mitigate them," the report said.
In one example, the ACSC monitored an attack on the Australian arm of a multinational construction services firm that was compromised when an account associated with its service provider was used to install malware onto its network.
"The account was created by the victim organisation, specifically for the service provider to log on and access the victim’s network – this setup is typical of many MSP customer relationships."
The ACSC warned that common methods included exploiting direct connectivity to a customer's data, modifying software with malicious content, obtaining credentials that allow seemingly legitimate access to the network, and engineering sophisticated spear-phishing emails.
The ACSC recommends that customers with outsourced ICT build cybersecurity strategies into their contracts with MSPs, with obligations that apply to both the customer and the provider.
It said businesses should also consider the risks of their MSP relationship model: having embedded MSP staff and no network connectivity to the provider presents the lowest risk, while a hosted network environment presents a much higher risk of compromise.
At the report's launch, Dan Tehan, the minister assisting the Prime Minister for cybersecurity, said there were 47,000 reported cyber incidents over the past year, an increase of 15 percent.
This included 7283 incidents that affected major Australian businesses, of which 734 saw direct involvement by the ACSC.