An Australian managed services provider (MSP) was successfully attacked in 2017 and all are now at risk, according to the Australian Cyber Security Centre (ACSC), which has created a new program to help MSPs stay secure in order to boost confidence in the sector.
The source of the attack was identified in 2016 by PWC, which named it "Cloud Hopper". The ACSC, which is an arm of the Australian Signals Directorate, late last week revealed that it warned local MSPs of the attack in early 2017 and again last week. The second warning came after allegations emerged that the attack was directed by China and penetrated IBM and HPE, among other MSPs.
Coinciding with that news, the Centre published an incident report [PDF] detailing how “a computer belonging to the Australian arm of a multinational construction services company was compromised with specific malware … using an administrator account provisioned legitimately to one of the victim’s MSPs.”
The ACSC clearly expects more such incidents, because it has created a new MSP partner program to “enhance the security posture of Managed Service Providers (MSPs) in Australia.” Details of the program are scanty at the time of writing, but the ACSC says it will include “an evaluation activity that assesses partners’ performance against the objectives of MSP3, with the aim of increasing Australian business, enterprise and government confidence in the MSP sector.”
“MSPs will be encouraged to join the program to demonstrate commitment to continually improving their cyber security resilience,” the agency wrote. “They will then become eligible for a number of services and activities delivered through our Joint Cyber Security Centres, including:
- The MSP Partner Forum – a national workshop that provides threat intelligence and identifies recurrent challenges and risks for MSPs
- 24/7 situational awareness products – access to ACSC threat intelligence in real time
- Provision of ACSC advice – to promote the benefits of cyber security best practice”
Critically, MSPs that participate in the program “… will receive peer and public recognition … including listing on cyber.gov.au and in other ACSC materials.” By showcasing MSPs that seek out its expertise, the ACSC hopes to increase confidence in the entire MSP sector.
CRN therefore imagines that the ACSC will receive rather a lot of applications to enter the course when they open in January 2019 (and close in April 2019) – because what MSP would want not to be listed as having completed the government’s recommended security training?