Alex Wong | Getty Images News | Getty Images
Jeanette Manfra, the assistant secretary for cybersecurity and communications at the National Protection and Programs Directorate.
A U.S. government warning released Wednesday, urging companies to protect against cyber threats from their managed service providers, is another in a long series of ramped-up concerns over espionage from nation-states involving third-party products and services.
The U.S. Computer Emergency Response Team (US-CERT), which provides disaster response and warnings about serious cybersecurity issues, published an alert that nation-states have been using shared cloud services and managed service providers — like those that provide outsourced handling of corporate functions — to launch advanced attacks and espionage campaigns against critical U.S. companies.
The attacks have resulted in a variety of adverse consequences, including lost sensitive information, disruption of operations and leaks of proprietary, according to the US-CERT. Victims of the attacks aren’t named but have included information technology firms, health care companies, communications providers and manufacturers, the warning stated.
China is not mentioned in the US-CERT warning, but government agencies have grown increasingly wary of how vulnerable U.S. infrastructure may be to Chinese espionage, said Tom Kellermann, chief cybersecurity officer for security company Carbon Black and a former top cybersecurity official for the World Bank.
“China’s activities in this area have only become ramped up in recent years, particularly as trade tensions between China and the U.S. have increased,” he said.