The cyber threat against IT service providers
This threat assessment describes the cyber threat against IT service providers, including hosting service providers, Managed Service Providers (MSPs) and cloud service providers.
The purpose of the assessment is to inform Danish public authorities, companies and decision-makers of the cyber threat faced by IT service providers. The threat constitutes a particularly serious supply chain threat.
The threat assessment describes how IT service providers’ legitimate, necessary and often privileged access to client IT systems and networks makes them attractive targets for hackers. In cyber attacks against IT service providers hackers abuse the trust and access the providers enjoy with their clients. Compromising an IT service provider enables the hackers to attack many of the providers customers.
The threat against IT service providers is driven by different motives with criminal hackers posing a cyber threat, for instance through targeted ransomware attacks being one example. State-sponsored hackers also conduct cyber espionage. These hackers are both interested in intellectual property and public authorities’ sensitive data.
The assessment describes several examples of cyber attacks against IT service providers in Denmark and abroad.
Centre for Cybersecurity
December 1, 2020