The Kaseya Ransomware Attack is a Really Big Deal
https://www.lawfareblog.com/kesaya-ransomware-attack-really-big-deal
If you're not already paying attention to the Kaseya ransomware incident, you should be. It's likely the most important cybersecurity event of the year. Bigger than the Exchange hacks by China in January. Bigger than the Colonial pipeline ransomware incident. And, yes, more important than the SolarWinds intrusions last year.
First, some background. Kaseya is a managed service provider; its customers use Kaseya to manage their company IT infrastructure. As part of this task, Kaseya can deploy software to the systems under management, in a way that is broadly equivalent to a software provider deploying an automatic update to those machines. For those interested in more, Nick Weaver wrote a piece for Lawfare that walks through the background in depth.
Under normal circumstances, automatic software deployment, especially in the context of software updates, is a good thing. But here this feature was turned on its head. Russian-based criminal gang REvil hacked into Kaseya's management system, and pushed REvil software to all of the systems under Kaseya's management. From there, the ransomware promptly disabled those computers and demanded a cryptocurrency payment of about $45k per system to set the machines free. As of writing, REvil claims that about a million total computers were affected, and is offering a bulk discount of $70m to unlock all affected systems in a single payment.
Although the direct impact is already enormous, to me, the direct impact is, in some sense, far less important than the issue of how the incident occurred, namely by subverting software delivery mechanisms as a means to install ransomware.
*snip*
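The article's point is that the delivery channel itself was the trust boundary: whatever the management server pushed, the endpoints ran. The example below is added here and is not code from the article, from Kaseya, or from any real agent. It contrasts a hypothetical agent that executes anything it receives with one that checks each pushed package against a digest allowlist provisioned on the endpoint out of band (the "known good sources" idea from the replies). The package names, payloads and digests are constructed for the illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class PushedPackage:
    """A package arriving through the management channel (constructed sample)."""
    name: str
    payload: bytes


# Constructed stand-ins for a legitimate installer and a malicious one.
GOOD_PAYLOAD = b"#!/bin/sh\necho 'legitimate patch v1.2'\n"
EVIL_PAYLOAD = b"#!/bin/sh\necho 'encrypting everything'\n"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Allowlist of known-good package digests. In this hypothetical design it is
# placed on the endpoint out of band (e.g. baked into the golden image), so a
# compromised management server cannot rewrite it along with the payload.
APPROVED_DIGESTS: Dict[str, str] = {
    "patch-1.2.sh": sha256_hex(GOOD_PAYLOAD),
}


def naive_agent(pkg: PushedPackage) -> str:
    """Runs whatever the server pushes; the channel is the only trust boundary."""
    return f"executed {pkg.name}"


def pinned_agent(pkg: PushedPackage,
                 approved: Dict[str, str] = APPROVED_DIGESTS) -> str:
    """Runs a package only if its name and digest match the pinned allowlist."""
    expected = approved.get(pkg.name)
    if expected is None:
        return f"rejected {pkg.name}: not in allowlist"
    actual = sha256_hex(pkg.payload)
    # Constant-time comparison: not strictly needed for a public digest,
    # but it is the habit to keep for any comparison a remote party influences.
    if not hmac.compare_digest(actual, expected):
        return f"rejected {pkg.name}: digest mismatch"
    return f"executed {pkg.name}"


def simulate_compromised_server() -> List[Tuple[str, str]]:
    """Three pushes a subverted server might make; returns (naive, pinned) verdicts."""
    pushes = [
        PushedPackage("patch-1.2.sh", GOOD_PAYLOAD),    # genuine update
        PushedPackage("patch-1.2.sh", EVIL_PAYLOAD),    # same name, swapped bytes
        PushedPackage("agent-update.sh", EVIL_PAYLOAD), # name never approved
    ]
    return [(naive_agent(p), pinned_agent(p)) for p in pushes]


if __name__ == "__main__":
    for naive, pinned in simulate_compromised_server():
        print(f"naive agent: {naive:40s} pinned agent: {pinned}")
```

A digest allowlist is the simplest way to show the principle with only the standard library; a production agent would instead verify a signature made with a key that is never present on the management server, so that new packages can be approved without re-imaging endpoints. Either way the property that matters is the same: compromising the push channel alone is not enough to get code executed.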
Beakybird (3,330 posts)
Klaralven (7,510 posts)
Totally rebuild the operating system and applications from known good sources.
In software security, configuration management is critical. Using a sketchy third party to do it is inexcusable.
https://www.kaseya.com/company/
Look like a bunch of suits. Located in Miami?
Or Dublin?
https://www.zdnet.com/article/kaseya-ransomware-supply-chain-attack-what-you-need-to-know/
At least for tax purposes ....
milestogo (16,829 posts)
So easy to just hop on to any of our customers' computers. So easy to run tasks and installs in the background. I would say that yes, this is a freaking nightmare for any company which has Kaseya installed on their computers - and that includes a lot of companies that rely on MSPs for support.
Klaralven (7,510 posts)
alwaysinasnit (5,059 posts)
stopdiggin (11,248 posts)
where a 'service provider' is hacked - and then delivers the malware from a 'trusted source.'
i.e. can't blame some mid-level boob in the marketing department here for mindlessly opening an attachment, or providing a password over email.
gulliver (13,168 posts)
These scumbags are playing with fire. They can cause catastrophic damage. It's like a war against us or terrorism more than a crime and should be treated as such. Cyber criminals should face the death penalty for high damage crimes or conspiracy. If in foreign countries, they should get the same treatment we gave bin Laden under Obama, imo.