How The Kaseya Attack Could Have Potentially Been Avoided
In recent cybersecurity news, we have seen yet another large breach, and this time the impact outweighed that of any cyberattack we have seen in the past. The Kaseya cyberattack over the 4th of July weekend was claimed by the Russian cybercriminal group REvil, and its aftermath has left Kaseya and the United States as a country scrambling for answers on how this happened, how it could have been avoided, and how to prevent future attacks like it. While REvil holds a $70 million cryptocurrency ransom, Kaseya’s vulnerability at a crucial time is something others can learn from, both to reduce the chances of falling victim to another major hack and to ensure their own security measures are optimized.
One way Kaseya left itself vulnerable to REvil’s cybercrime was by underestimating the timing of the attack. REvil moved in on Kaseya over a holiday weekend, starting Friday, July 2nd, 2021, just before the USA’s Independence Day. This was strategically planned by REvil, as these smart and stealthy cybercriminals knew the company would be understaffed, with employees leaving early and unplugged from Kaseya altogether for the three-day holiday weekend. The lack of attention from Kaseya’s employees during that time period left the company vulnerable and gave REvil the perfect opportunity to attack. Kaseya became an example of why companies as a unit cannot unplug, remain understaffed, or let their guard down in today’s world, where ransomware as a service (RaaS) exists.
Another problem that left Kaseya open to attack was its appealing business model as a managed service provider (MSP). MSPs are particularly attractive to hackers like REvil because they serve a vast range of small- and medium-sized business (SMB) clients: by compromising one, hackers gain access not just to the main company’s data but to all of its clients’ data as well. For example, with Kaseya, approximately 40,000 SMBs across the nation were impacted by this cyberattack, and this colossal cyber crisis is now being handled on a federal level by the Biden administration, the FBI, and the Cybersecurity and Infrastructure Security Agency (CISA). While the government works to respond to this attack, REvil’s growth and its cybersecurity breaches against the US have called for national attention. The Kaseya attack and the government’s involvement demonstrate that this matter is not one to be taken lightly. Those who do take it lightly will most likely be next.
Lastly, Kaseya was simply not prepared for an attack of this magnitude. With savvy and stealthy cybercriminals becoming more and more skilled at hacking, businesses need to increase the level, quality, and amount of their security. Flaws in Kaseya’s cybersecurity systems need to be patched faster, alongside a constant search for other holes that could leave the company vulnerable. In addition, thorough and comprehensive backups as well as shadow copies are imperative to restore any stolen data in the event of a data breach or broken network. As cybercriminals increase both the activity and the scale at which they can infiltrate a network, the Kaseya cyberattack is proof that newer and more advanced cybersecurity software and tools are non-negotiable and essential in protecting against and preventing hacks like these in the future.