- Implementation of controls to detect and prevent credential stuffing attacks. This can include monitoring for a higher-than-usual number of login attempts over a given time period, or a higher-than-usual number of failed logins over a given time period.
- Use of a Web Application Firewall (“WAF”) that can detect and inhibit credential stuffing attacks.
- Review and verify all connections between customer systems, service provider systems, and other client enclaves.
- Use a dedicated virtual private network (VPN) to connect to MSP infrastructure; all network traffic from the MSP should only traverse this dedicated secure connection.
- Send reminders. Remind employees to put paper files in locked file cabinets, log out of your network and applications, and never leave files or devices with sensitive data unattended.
- Promote security practices in all locations. Maintain security practices even if working remotely from home or on business travel.
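The first item in the list above recommends watching for a higher-than-usual number of login attempts or failed logins in a given time period. The sketch below is an added example, not code from the cited guidance: it counts both per fixed window and flags windows that exceed a multiple of the median of earlier normal windows. The log format, the window, factor and floor values, and all function names are assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone
from statistics import median

def parse(line):
    """Parse '<ISO-8601 time> user=<u> ip=<ip> result=<OK|FAIL>' (constructed format)."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts), kv["result"] == "FAIL"

def detect(lines, window=300, factor=3.0, floor=5):
    """Return (window_start_epoch, metric, count, baseline) for each unusual window.

    window, factor and floor are assumed tuning values, not from the guidance.
    """
    attempts, failures = Counter(), Counter()
    for line in lines:
        ts, failed = parse(line)
        bucket = int(ts.timestamp()) // window * window
        attempts[bucket] += 1
        failures[bucket] += failed
    if not attempts:
        return []
    alerts = []
    for metric, counts in (("attempts", attempts), ("failed", failures)):
        history = []  # counts from windows judged normal so far
        for b in range(min(attempts), max(attempts) + window, window):
            n = counts[b]
            if history and n >= floor and n > factor * median(history):
                alerts.append((b, metric, n, median(history)))
            else:
                history.append(n)  # keep attack windows out of the baseline
    return alerts

def sample_log():
    """Constructed data: four quiet 5-minute windows, then a burst of failures."""
    start = datetime(2024, 5, 1, 10, 0, tzinfo=timezone.utc)
    lines = []
    for w in range(5):
        n_fail, n_ok = (1, 5) if w < 4 else (38, 2)
        for i in range(n_fail + n_ok):
            t = start + timedelta(seconds=w * 300 + i * 5)
            result = "FAIL" if i < n_fail else "OK"
            lines.append(f"{t.isoformat()} user=user{i} ip=203.0.113.10 result={result}")
    return lines

if __name__ == "__main__":
    for start, metric, n, usual in detect(sample_log()):
        print(f"window {start}: {n} {metric} vs usual {usual}")
```

Flagged windows are kept out of the baseline so that a sustained attack does not gradually become the new "usual" level.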
Office of Compliance Inspections and Examinations, Cybersecurity: Safeguarding Client Accounts against Credential Compromise.
CISA, Kaseya Ransomware Attack: Guidance for Affected MSPs and their Customers: https://www.cisa.gov/uscert/kaseya-ransomware-attack