As if the SolarWinds attack wasn’t enough to shake things up for organizations, the recent Kaseya VSA supply chain attack is likely to affect thousands of businesses. Here’s what you need to know.
On Friday, July 2nd, leading into a holiday weekend in the US, it was discovered that the REvil ransomware group had exploited a vulnerability in Kaseya VSA, a remote monitoring and management software platform. Following the attack, REvil demanded a $70 million payment in bitcoin (later lowered to $50 million) to decrypt all the systems and end what’s being called the biggest ransomware attack in history.
Kaseya’s IT and security management solutions are used by managed service providers (MSPs) and managed security services providers (MSSPs) for their customer base and small to medium-sized businesses (SMBs). While initial reports indicated that around 60 on-prem customers were affected, Kaseya shut down both the on-prem and cloud SaaS servers as a precautionary measure. While the details of this breach are still evolving, its effects will clearly be far-reaching.
Comparing This to the SolarWinds Cyberattack
As was the case in the SolarWinds cyberattack, hackers targeted organizations in the supply chain in order to cause maximum impact. However, this cyber incident may end up being even larger. Here’s why:
Kaseya provides IT management tools for some 40,000 customers worldwide, including MSPs and MSSPs, which provide outsourced IT infrastructure services for businesses that prefer not to manage it themselves. Both MSPs and MSSPs potentially work with hundreds of businesses each, meaning this breach can have massive implications. The current reports state that up to 1,500 companies have been affected thus far, including a Swedish grocery retailer co-op chain, which was forced to close more than 800 stores.
In the Kaseya VSA attack, the motivation is simple: money. This disruptive attack has caused a complete shutdown of business, and companies are losing money every minute that their systems are down. To add insult to injury, victims are also being told that they need to pay a huge ransom to get their business back up and running. While the US government prefers that companies don’t give money to their attackers so as not to encourage them, many corporate ransomware victims conclude that the cost of resisting is much greater than the cost of paying. Neither option is optimal.
The objective in the SolarWinds attack, however, was very different. The cybercriminals’ motivation was to gain access to government agencies, presumably to collect and expose state secrets. Like Kaseya, however, the full extent of the attack is still unfolding.
The Timing of This Breach is Significant
In all likelihood, the fact that the attack was conducted on the eve of the Fourth of July weekend was no coincidence. With many employees leaving early for a long holiday weekend, it is an ideal time for a cybercriminal to strike. Even if discovered, the offenders are banking on a skeleton staff left to deal with the aftermath of the extensive damage that was done.
Organizations Need to Be Prepared
The Kaseya VSA attack is an uncomfortable reminder of recent large-scale supply chain breaches involving SolarWinds, Microsoft Exchange, Accellion and Codecov. Clearly, cybercriminals recognize that supply chain attacks are an effective way to achieve maximum damage.
Companies worldwide, in every industry and of every size, must prepare for this type of attack. Smaller companies that don’t invest in cybersecurity will be the easiest to breach, and then there is a risk that the attack could go viral. The only solution is preparing ahead because the question isn’t if something like this will happen again, but when it will happen.
You can prepare yourself for supply chain attacks by evaluating risks to your system, securing your third-party interactions using services like Panorays and implementing a program to get back online in case of attacks. Our Third-Party Incident Response Playbook can help your organization prepare for a supply chain attack like Kaseya VSA.
Panorays Can Help
The Panorays easy-to-customize platform helps you gain continuous visibility and actionable insights into evolving supplier risk. With our user-friendly, intuitive solution, you can efficiently manage and mitigate risk and implement security policies with the click of a button. Take control of your vendor risk and contact us today for a free demo.