Kaseya global attack impacted MSPS but also potentially thousands of end customers
The recent global ransomware attack on software provider Kaseya, has once again highlighted the vulnerabilities within supply chains and third-party relationships.
The attack, carried out by Russian cyber-criminal group REvil, targeted Kaseya’s cloud-based IT management and remote monitoring platform, VSA. The nature of the software meant that it was a particularly effective attack. Kaseya is used by Managed Service Providers (MSPs) and IT consultancies around the world, so the hack not only took out the systems of MSPs but also all of their customers too.
Initially Kaseya claimed that the hack only impacted 40 on premise clients, but the nature of supply chains and the software involved means that the final number of victims is likely to be in the thousands. REvil have demanded $70million to release to pass over the decryption key.
Supply chains targeted again
Criminals are increasingly using supply chains and routes through third parties as the weak entry point into companies. More often than not ransomware is deployed with companies losing huge amounts of data, infrastructure with the resulting financial and reputational damage unless they pay a ransom.
This attack through Kaseya has the potential to be huge with the number of companies involved. It has similarities to the SolarWinds attack in December 2020 where criminals gained access through the IT firm’s software to attack Fortune 500 companies and the US Government, causing chaos and huge reputational damage. The CloudHopper attacks that seem to have originated from China are another example of where companies are breached through their managed service providers. The attacks are increasing in number and levels of sophistication with criminals now actively targeting supply chains and third party connections.
The nature of technology and the way we work as a result of the pandemic means that there is more cloud based and virtual updates and transactions across supply chains than ever before. For too long supply chains have been ignored in terms of cyber security. The number of high profile attacks over the past two years means that this can no longer be the case.
Indeed, recent DCMS research has shown that only 12 percent of organisations review their cyber security risks coming from their immediate suppliers and only one in twenty firms (five percent) address vulnerabilities across their wider supply chain.
Ransomware is just the beginning
High profile ransomware attacks can have a huge impact on companies. However, companies targeted, or those on the periphery need to keep their wits about them even in the period after the initial attack.
We have seen in the Kaseya hack follow up attacks by the same, or other criminals trying to take advantage of the uncertainty and fear that follows a large attack. Phishing emails being sent out purportedly by the company impacted (in this case Kaseya) have been sent out to impacted companies asking them to down load patches or advice.
These of course, simply deliver more ransomware or other viruses that can a big problem for a company even more complicated.
Keeping staff informed and up-to-date before, during and after any attack is crucial in educating them about what the threats look like and how they can ensure that they do not exacerbate the situation.
Steps in the right direction
The UK Government have made some encouraging steps forward with regards to helping companies looking at their supply chain security. The Department for Digital, Culture, Media and Sport (DCMS) has asked MSPs and firms providing digital services to offer feedback on a new proposed cyber security measures aimed to protect critical supply chains.
The call for views ended July 2021 and whilst we are waiting to see the results and the approach the Government will be taking, it is positive in itself that the Government has recognised the potentially huge ramifications for the country of the continuing level of successful attacks on supply chains. The high-profile nature of the attacks will also help to highlight the threat to businesses more generally. However, like many threats it is all very well being aware of them, but a very different matter knowing how to deal with them.
Gaining a 360 degree of your supply chain
Companies are increasingly turning to AI-assisted, automated and centralised 360-degree security risk rating management systems. These solutions protect their critical supply chains by generating objective, quantitative reporting on a company’s security risk and performance. It also enables organisations with evolving business requirements to conduct business more confidently in the digital world we live in.
Having such a view of your entire supply chain makes it immediately clear where the potential vulnerabilities lie within your partners systems. By highlighting these to them you are able to make a decision as to whether they are doing enough to close the gaps, or whether you should be looking elsewhere for more secure partners.
Obviously, these types of solutions also help when looking for new partners too. It not only ensures that the budget you have spent on your own defences is not wasted by leaving the back-door open, it also encourages the whole supply chain ecosystem to improve their own cyber defences.
Cybercriminals will always look for the easiest route to the data they want to exploit. At the moment that is very much focused on supply chains. The more all companies within a chain can do to secure their systems, the less appealing it will be for the criminal. It appears to be far too easy at the moment for criminals around the world to gain access to all types of organisations.
Supply chains have to be taken seriously if we are to be more effective in closing gaps and putting these criminal enterprises out of business.