The Cybersecurity and Infrastructure Security Agency’s cyber threat analysis chief shared fresh details this week around an ongoing campaign of cyberattacks linked to the Chinese government, specifically targeting managed service providers.
“The core issue with the compromise of managed service providers is that it really gives the attacker a force-multiplier effect,” CISA’s Rex Booth said at a summit hosted by FCW Thursday.
Earlier this year, Homeland Security conducted a series of webinars to educate the American public about the rising attacks that take advantage of companies’ possible internal vulnerabilities. Since 2006, the Homeland Security Department has tracked a threat group, commonly known in the security industry as APT10, which Booth noted is sponsored by the Ministry of State Security in China. Between 2014 to 2018, the agency noticed a strategic shift in the threat group's tactics: The hackers began specifically targeting America’s managed services providers, or MSPs. Those providers remotely manage customers’ information technology infrastructure or other tech-based systems.
“That in itself wasn’t necessarily alarming,” Booth said. “That wasn’t the trigger, obviously—that’s a period of four years—and we are not that slow.” But by the end of 2018, the agency noticed a severe uptick in the attacks, and in its mission to “protect the internet,” Booth said CISA deemed it necessary to notify the public. In the past, most attacks would be what’s known as “one to one events,” that is, one company would face one attacker, which would be less intense to tackle. But due to rapidly progressing technological advancements, MSPs and today’s threat-scape are much more complex.
“Now, when you are looking at the opportunity for the attackers to t ..
Support the originator by clicking the read the rest link below.
