CISA Joins Partners to Release Advisory on Protecting MSPs and their Customers

05/11/2022 07:00 AM EDT

Original release date: May 11, 2022

The cybersecurity authorities of the United Kingdom, Australia, Canada, New Zealand, and the United States have released joint Cybersecurity Advisory (CSA), Protecting Against Cyber Threats to Managed Service Providers and their Customers, to provide guidance on how to protect against malicious cyber activity targeting managed service providers (MSPs) and their customers. The CSA—created in response to reports of increased activity against MSPs and their customers—provides specific guidance for both MSPs and customers aimed at enabling transparent discussions on securing sensitive data. The CSA also provides tactical actions for MSPs and customers, including:

  • Identify and disable accounts that are no longer in use.
  • Enforce MFA on MSP accounts that access the customer environment and monitor for unexplained failed authentication.
  • Ensure MSP-customer contracts transparently identify ownership of information and communications technology (ICT) security roles and responsibilities.

CISA urges organizations to review the joint CSA and take actions to strengthen their defenses against malicious cyber activity.  

This product is provided subject to this Notification and this Privacy & Use policy.

Microsoft Warns of Destructive Malware Targeting Ukrainian Organizations

01/16/2022 09:13 AM EST

Original release date: January 16, 2022

Microsoft has released a blog post on possible Master Boot Record (MBR) Wiper activity targeting Ukrainian organizations, including Ukrainian government agencies. According to Microsoft, powering down the victim device executes the malware, which overwrites the MBR with a ransom note; however, the ransom note is a ruse because the malware actually destroys the MBR and the targeted files.
CISA recommends network defenders review the Microsoft blog for tactics, techniques, and procedures, as well as indicators of compromise related to this activity. CISA additionally recommends network defenders review recent Cybersecurity Advisories and the CISA Insights, Preparing For and Mitigating Potential Cyber Threats.



This product is provided subject to this Notification and this Privacy & Use policy.