Even Your IT Provider Can Be a Conduit of Ransomware

Over the holiday weekend, another vicious ransomware attack was carried out through Kaseya remote management software, which IT providers use to remotely control end-user systems and automate the deployment of security patches.

Kaseya’s remote management software was subject to a supply-chain attack similar to the SolarWinds breach earlier in the year. The same group that recently carried out the JBS USA meatpacking plant ransomware attack was also behind the Kaseya attack.

What made this attack different is how quickly ransomware could be deployed to many networks by leveraging the IT providers’ remote management software to infect the IT providers’ client networks. The remote management tool is supposed to be used to help clients stay more secure and provide IT support, not be the conduit for a ransomware attack.

For the IT providers and the end-user clients that were affected by this attack, it creates an exceedingly difficult situation: the IT providers do not have remote access to their end users’ systems, the end users’ businesses are down at the same time, and the IT providers need to perform incident response for all of the end-user clients that were affected by the attack.

This goes to show that even IT providers and the tools that they use are subject to cyber threats like any other business. I know I sound like a broken record, but with all the attacks occurring it is important to be vigilant and stay informed. Each individual business, organization, or government agency needs to have proper measures in place, including backup and disaster recovery, business continuity, and a multi-layered approach to cybersecurity covering technology, people, and processes. Even if you have a strong cybersecurity program in place, proper cyber liability insurance is a necessary component to handle any additional risk that may arise. It is important to work with an IT provider that takes cybersecurity seriously for your organization as well as their own.

To learn more about this attack please click the links below.