• Richard Blech

Massive Ransomware Attack of Kaseya a Major Blow to MSSP Business Model


Kaseya, one of the largest Managed Security Services Providers (MSSPs), has itself become the victim of the largest ransomware attack in history, which continues to claim new victims. Figures this morning indicate that between 800 and 1500 businesses worldwide have now been impacted by the latest attack on their security provider. Kaseya, which claims to work with IT departments and MSPs around the globe to transform IT, seems to have been caught totally off guard by this attack, as were its many global customers.


The well-coordinated attack on the Kaseya software brand has left both direct customers and their clients in tatters. These brands face a new week not running business as usual, but scrambling to respond to an attack so large the White House weighed in on a holiday weekend. The FBI and the Cybersecurity and Infrastructure Security Agency are also on board in the race to address this most recent attack, which includes a demand for a $70 million Bitcoin ransom.

How was REvil, believed to be behind the attack, able to create such devastation in such a short amount of time? Both the timing of the Kaseya attack and the choice of victim played roles in the far-reaching outcome; the lack of preparation and awareness by Kaseya allowed the attack to spread to dozens of smaller businesses and organizations.


Kaseya is an MSP that serves clients that in turn provide services to smaller businesses, including retailers, medical providers, and schools. For every brand directly impacted, there may be dozens or even hundreds more that indirectly rely on Kaseya services.


  • The timing of the attack, on a U.S. federal holiday, meant that fewer employees were on the job at all levels, slowing response time and leading to massive spread of the ransomware through the Kaseya network.

  • REvil has already proven to be a dangerous and savvy opponent; similar attacks in the past have been timed to coincide with United States holidays and known downtimes. This approach ensures maximum chaos and spread for their ransomware.

  • REvil has a history of attacking brands responsible for other companies. The recent JBS attack focused on the supply chain and yielded $11 million; the latest attack could net the organization $70 million.


According to AP reports, insurers are weighing the cost of paying the ransom quickly versus the cost of continued downtime for impacted parties. There is a very good chance the ransom will be paid, resulting in a successful attack and further emboldening REvil and other organizations.

This latest attack is not only devastating on its own; it also needs to be seen as part of an emerging pattern – savvy cybercriminals taking advantage of brands that are not where they should be when it comes to proactive measures and security. This was a sophisticated, well-timed attack, and the only way to avoid future issues is to take a hard look at internal security and defense – and to be aware of the growing level of sophistication on the part of attackers.


REvil’s recent successes and the impact of this Independence Day attack will only embolden the organization and encourage others like it to launch targeted attacks on businesses of all types.

The smaller brands and third parties impacted by this recent attack are not to blame; they chose a provider that they trusted to protect them from this very scenario. Unless and until more effort and awareness is invested into cybersecurity, though, attacks like this one will continue to happen to brands large and small.


MSSPs not only need to be better trained themselves on how to respond, with a plan ready when such an attack occurs, but also need to be sure that they are training and educating their customers on the same threats, readiness and action plan. Off-site, fully secured backups should be ready to deploy so that a minimal network can be spun up for their customers, replacing the compromised network.


XSOC Corp leads in next-generation cybersecurity products with both offensive and defensive capabilities. Our products are designed to empower enterprises to begin reshaping the belief that companies will be continuously vulnerable to criminals. Our high-end research and development efforts are keenly focused on serving the U.S. military and supplying new tools for their arsenal.


