Hackers have infiltrated Kaseya, a Florida-based information technology firm, and deployed a ransomware attack. In the process, the hackers have seized troves of data and are demanding $70 million in payment for its return.
The Guardian has called the hack of Kaseya “the biggest ransomware attack on record”. The hackers were able to distribute ransomware by exploiting several vulnerabilities in the VSA software. The Russia-based group REvil appears to be behind the attack.
Wagner begins by looking at the forces at play behind the cyberattack, noting: “The recent Kaseya cyberattack, which saw the REvil criminal group use compromised IT management software to successfully encrypt the files of hundreds of businesses, illustrates how important it is to secure the entire IT supply chain.”
He adds that: “The software at the heart of the attack, Kaseya VSA, is popular among so-called managed service providers (MSPs), which provide IT infrastructure for companies that would rather outsource that sort of thing than run it themselves.”
In terms of vulnerable categories, Wagner observes: “Most enterprise companies fall into this category. Unfortunately, once a cybercriminal has access to an MSP, it has access to its customers.”
The implications of this are: “Rather than breaching a single bank, insurer, or airline, they can gain access to multiple organizations all at once. It’s the difference between having a highly-skilled safe-cracker and the master key to the bank’s vault. Organizations should ensure that the MSPs they employ only use solutions that are secure, resilient, and compliant.”
There are other ramifications, says Wagner: “The Kaseya attack also illustrates a growing practice of combining supply-chain-based attacks with ransomware demands. REvil appears to be asking victim companies for the equivalent of roughly $45,000 in the cryptocurrency Monero. Some companies have apparently been asked for as much as $5 million to decrypt all of the PCs in their network.”
This calls for a nuanced approach to preventative measures. Here Wagner finds: “While MSPs can, and should, do everything they can to prevent such attacks, it’s important to have backups in place as a critical defense mechanism in the event of a breach. Backing up regularly and securely is critical to breach recovery.”
Support from contract services remains critical. Wagner says: “Your backup provider should be able to address the unique needs of laws such as GDPR and any others that impact the jurisdiction you operate in. This includes, but is not limited to, its choice of data center, data encryption, at-rest and in-transit rules, and the ability to purge backups.”
Moreover: “Adopting a backup provider shouldn’t impact on your organization’s ability to do business.”
Wagner’s concluding advice is: “The solution companies choose should offer simplified employee on-boarding and off-boarding with bulk activation, automated addition and deletion of users, and backup of inactive accounts. Additionally, it should offer an out-of-the-box setup with zero adoption effort, no matter what software as a service (SaaS) platform you use.”