The Kaseya cyberattack was just the latest in a slew of high-impact attacks in 2021. Hackers are becoming more strategic. Rather than targeting a specific small company for small gains, they are thinking big—both in terms of impact and the ransom size.
The hack represents an evolution over the Microsoft Exchange, and Solar Winds hacks which attacked the software supply chain. By targeting Kaseya, a platform for Managed Service Providers (MSPs), the hackers were able to shut down many companies at once—up to 1,000 at last count.
The cybercriminals are apparently “affiliates” of the Russia-linked REvil ransomware-as-a-service group. This group, which also shut down the JBS meat processors, is demanding $50,000 to $5 million in ransom directly from affected companies rather than from the MSPs or Kaseya. This approach will be more challenging for the FBI to track and manage and could be a workaround the hackers developed following the FBI’s seizure of the JBS ransom.
Last week there was—or wasn’t— a data breach at LinkedIn. LinkedIn initially denied that any new data was being sold on the dark web but later claimed that 700 million users’ profiles were scraped, not stolen via a breach. Either way, the data of 700 million Linkedin users is up for sale with potentially serious consequences, including identity theft and phishing—which could lead to ransomware attacks on corporations, government agencies, utilities, and more.
Unlike LinkedIn, which has still not officially notified its users, Kaseya quickly went into very visible public action. On July 2, Kaseya CEO Fred Voccola announced a potential attack against their VSA remote monitoring and management tool used by Managed Service Providers (MSPs) to provide networking services to external customers. Kaseya customers were told, even urged, to take their VSA Servers offline so that hackers could not get control of end-customer networks.
In addition, the company notified customers about the breach via email, phone, and regularly updated notices on their website. Finally, Kaseya has released a diagnostic tool for enabling MSPs to identify infected systems, and the company’s response team is working 24×7 to develop a fix.
The attack against Kaseya is an additional proof-point for adopting a holistic and unified cybersecurity approach in today’s one-network world. One of the core benefits of the Secure Access Service Edge (SASE) model is its ability to mitigate phishing attacks in which employees open unfamiliar or deceptive emails and click on malicious links.
With SASE, one of its core features is a Secure Web Gateway (SWG) with URL filtering that can block suspicious links and prevent employees from opening them. In addition, a SASE-based platform allows IT teams to segment various parts of the network to limit the extent of a successful cyberattack. For example, suppose a computer or managed device is infected. In that case, the attack will only reach a limited number of resources in the specific network segment, preventing the ransomware from spreading across the organization.
Additionally, many ransomware attacks are generated from unmanaged devices connected to a secure network. SASE isolates unmanaged devices from the network through agentless Zero Trust application access, giving unmanaged devices access to specific networks by emulating the user’s session in the cloud and transmitting only an image to the user’s browser.
In today’s world, anyone can be hacked, whether you’re one of the world’s leading companies or an SMB receiving managed services from a trusted provider.
The most basic action to take is to “hide” your computing environments from the Internet so they’re invisible to outside hackers. Then, even if the hardware is vulnerable, it cannot be exploited from the outside.
But a better way is to move your computing resources to the cloud and employ secure networking as a service using a unified framework like SASE. The SASE framework offers an even better solution than the VPNs recommended by the FBI following the Kaseya malware hack. SASE doesn’t need costly hardware, easily scales, and offers Zero Trust access based on identity and context. As a result, this is the best way to stop the next ransomware attack.
All social media, even LinkedIn, carries risks, and everyone should minimize the amount of offline contact information they share. Multi-factor authentication should be used wherever possible—especially with anything financial—and everyone should be wary of attachments, even from family members and coworkers. If something doesn’t feel quite right, whether it’s the style of the email, or the context, contact the sender via another form of communication to verify that they have indeed sent you something.
It’s no coincidence that the 50 MSPs affected by the Kaseya malware hack were using the on-premises version of the company’s VSA Server, not unlike the victims of the MS Exchange Server hack. The MSPs who were using the cloud were unaffected.
Secure cloud networking is undoubtedly the way to go.
