On July 2nd, the cybersecurity industry was abuzz with news of yet another large supply chain attack, this time by the notorious REvil gang, which crippled over a thousand firms in the United States and around the world. The group is currently demanding $70 million in exchange for decrypting the data it has encrypted on its victims’ networks.
On July 2nd, Kaseya, a supplier of IT solutions to businesses and managed service providers (MSPs), stated that it had been the victim of a cyberattack. The attackers used a zero-day vulnerability in Kaseya’s VSA product (a remote monitoring and management tool for managing endpoints and networks) to launch a supply chain ransomware attack.
Initially, Kaseya assumed that the number of affected customers (MSPs) was limited; a subsequent blog post update revealed that there were fewer than 60 victim MSPs, all of whom were using the VSA on-premises solution. However, because MSPs typically have hundreds of small and medium-sized enterprises (SMEs) connected to them, the ripple effect reached around 1,500 firms.
The Kaseya supply chain attack follows the recent SolarWinds and Microsoft Exchange attacks and other ransomware incidents in the United States. Let’s take a deeper look at the latest developments in the attack and then talk about your company’s security risks.
An Examination of the Kaseya Ransomware Attack
According to current research, the attack started with a zero-day authentication bypass vulnerability, combined with the antivirus workarounds Kaseya had implemented in its products to allow automated updates. Using the authentication bypass, attackers were able to send arbitrary commands through the VSA product.
Because the weakness was an authentication bypass, Kaseya’s claim that none of its source code had been accessed or altered holds up. The attackers mainly pushed fraudulent updates that appeared to be genuine Kaseya updates. They began by compromising MSPs that used Kaseya VSA, then used VSA to infect hundreds of businesses served by those MSPs with ransomware.
Kaseya Anticipated This Was Going to Happen at Some Point
It may sound unbelievable, but the Kaseya attack might have been prevented entirely. A former Kaseya employee told Bloomberg that staff had notified the company’s senior leadership about serious security flaws in Kaseya products on many occasions between 2017 and 2020. Employees criticized Kaseya for its weak encryption, outdated code, and lack of regular software updates. In fact, employees identified so many flaws in the VSA tool that they demanded it be replaced. Unfortunately, the company did not pay heed; some employees resigned and others were dismissed.
Employees’ concerns were not the only warning; outside researchers also pointed out the flaws. When a Dutch researcher reported the problems, Kaseya corrected some of them, but not all. In addition, research firms such as Truesec uncovered severe security weaknesses in Kaseya’s infrastructure not long after.
All of these earlier indicators should have been sufficient for Kaseya to take security seriously. The situation would not be as bad now if the company had responded quickly to these shortcomings.
How Vulnerable Is Your Company to Supply Chain Attacks?
The rise of supply chain attacks over the past few years is a sobering reality. The SolarWinds hack was one of the most serious the IT sector has seen in recent memory, and the Kaseya attack now demonstrates how capable cybercriminals have become. This raises a red flag for firms, particularly small and medium businesses that rely heavily on such providers.
How exposed your company is to supply chain attacks depends largely on the IT providers you choose. You should keep a closer check on your vendor list and pay attention to any security-related information circulating about your vendors. From the client’s perspective, however, this is not straightforward. The Kaseya VSA attack, for example, went undetected until the attackers had already done damage. From the client’s standpoint, attackers gained access to networks by pushing a malicious update that appeared legitimate. So if your vendor’s security is breached, there is a good chance you will be hit as well.
However, there are several best practices that can help your company ensure greater security and limit the harm if your vendor is compromised. Some of the key ones are as follows:
1. Don’t Fall for Phishing Email Scams
Phishing email is one of the most common ways for attackers to gain access to a system. Attackers frequently pose as well-known companies so that you will believe the email is authentic and click the malicious link it contains. You must therefore learn to spot phishing emails in whatever form they arrive. Once staff have been properly trained to avoid being duped by phishing emails, your company has already spared itself a possible compromise.
2. Selecting Wise Vendors
Businesses frequently use several suppliers for various services; however, there are also situations where superfluous vendors are used. Unnecessary suppliers increase the risk of a data leak. Previous attacks (Microsoft Exchange, SolarWinds, and Kaseya) have shown that when a major vendor is compromised, all associated firms are at risk. You should therefore make wise vendor selections, focusing only on the most reputable and necessary providers.
3. Up-to-Date Technology
The Microsoft Exchange attack primarily targeted out-of-date systems, whereas the Kaseya attack duped victims with a malicious update. This creates a dilemma: you are at risk if you resist updates, and you are also in danger if you install harmful updates that look valid. The best way out is to make sure your systems are up to date and that the updates you install genuinely come from your vendor.
The Kaseya ransomware outbreak shows that these kinds of attacks are not going away anytime soon. Furthermore, the regular attacks on IT companies, which are supposed to be extremely secure, demonstrate that attackers are not passing up any opportunity to exploit security holes. As a company that relies on such providers, you should not take their security procedures at face value. You should consider implementing stronger cybersecurity policies so that you make no, or only minor, security mistakes.