APT10 Indictments Show Expansion of MSP Targeting, Cloud Hopper Campaign
This is concerning but not surprising, instead of directly attacking the companies to compromise them one at a time, they have been focusing on the IT service providers of those companies. I full expect this attack vector to greatly expand in 2019.
Yup, makes good sense find a weak MSP and have a romp through their clients systems. My concerns are services used by MSPs may be either miss configured or have vulnerabilities in their code as with Team Viewer and Target as used by Target’s HVAC contractor. Currently the SMB space is being targeted by the black hats of all stripes for links to bigger targets. My advice to SMBs when picking a MSP do your due diligence or seek help from an entity that is not engaged in the MSP business. Those of us in IT know the good the bad and the ugly.
This is going to be a big trend, I think anyway, in the comming years as BlackHats are always looking for the novel appraoch vector into systems!