Learnings from the Kaseya Ransomware Attack

After the long weekend, America is waking up to a massive ransomware cyberattack. While news broke on Friday PM that Kaseya, a large IT solutions provider for Managed Service Providers (MSPs) and small and medium businesses (SMBs), had been hacked, many are only now realizing the ramifications of the attack. What does it mean for you?


Let’s recap what we know as of now:


1. The group behind the attack is probably REvil (Ransomware Evil), the same group that ransomed the beef supplier JBS last month. The group is mostly motivated by financial gain.


2. The attack’s concept is similar to that of the SolarWinds attack. Both attacks exploited two key factors:


  • Scale - Kaseya’s remote desktop software is used by many MSPs, and each MSP has hundreds of customers. This sort of supply chain attack allows the threat actor to attack once and “reap the benefits” from many victims along the supply chain: MSPs and end customers.

  • Trust - Given the nature of their work, MSPs are trusted by their end clients and are given excessive authorization and access into their clients' environments. This helps the attackers establish a foothold more easily.


3. Initial numbers suggest the ransomware was delivered to 40 MSPs and more than 1000 businesses. Attacks hit businesses around the globe.


4. Sources suggest that Kaseya was warned about the vulnerability ahead of the breach. The REvil group was quicker to exploit it.


What does it mean for you?


1. Cybersecurity needs to be on the table in any vendor, supplier, or third-party discussion. You need to manage the process. You need to ask difficult questions. You need to constantly monitor your suppliers' posture. We address the steps needed in a previous post.


2. Compensate for the lack of visibility with an ongoing detection and response program.


3. Given the complexity of the process, you need experts on your side to help gain visibility into others’ environments. Your internal IT team is busy with, well, IT and doesn’t have the necessary skills.


4. This is the second time that a major attack has come from the MSP side. It is time to realize that to reduce your business risk you need to have checks and balances in place. Let your internal IT team or MSP deal with IT and use a cybersecurity firm to make sure you are secure. IT and cybersecurity are two different disciplines with different goals and priorities, which sometimes even compete.


Do not put all your eggs in one basket!
