Protecting your business: Understanding the Kaseya attack
On Friday, the business world began to slow down in preparation for the Independence Day long weekend. Just as the working day slowed to a close in the US, a colossal cyber attack descended on Kaseya, a company that provides IT companies with tools to support their customers' systems.
Gordon Christie, our managing director, has shared insights into what happened, what it means and what happens next in this blog post...
What happened to Kaseya?
“Kaseya’s VSA remote monitoring and management tool was used as an attack vector to inject ransomware into the systems of more than a thousand end-customers of some managed service providers (MSPs) at the beginning of a major holiday.
“VSA, the Virtual System/Server Administrator, is software used by Kaseya customers to monitor and manage their infrastructure. It is supplied either as a hosted cloud service by Kaseya or via on-premises VSA servers. These SaaS VSA servers can be deployed by end-users or by MSPs. Kaseya sends out updates to these VSA servers and, on Friday, July 2, an update was distributed that contained REvil ransomware. It affected fewer than 40 Kaseya VSA customers — but around 30 of them were MSPs, and the code was then sent on to their customers. Potentially thousands of MSP client businesses were infected.
“This is known as a supply chain attack, and is similar in its basic methodology to last year’s SolarWinds attack, with malware installed via an update server.”
Who has been targeted?
“Across the globe, thousands of companies are reporting that they have fallen victim to the attack, even if they are not direct users of Kaseya. For example, Swedish supermarket chain Coop has reported that they noticed problems in a small number of stores on Friday evening, but overnight this became a much bigger issue which resulted in over half of their 800 stores being closed due to their pay systems and self-service checkouts not working.
“It's understood that Coop doesn't use Kaseya directly on its systems but that one of their software providers does, which has led to businesses across the world asking ‘are my systems safe?’”
What does this mean for IT providers?
“As an IT service provider, we have a huge responsibility to keep our clients and their data safe, and the tools that we use are a key part of this service. This includes: keeping anti-virus up-to-date, installing patches to prevent attacks, monitoring systems to make sure that they are behaving how they should be – the list goes on.
“As an IT provider, it’s concerning to learn about a direct attack on a tool that is instrumental to our sector; however, I remain confident that the systems that we use are safe.”
What does this mean for IT Hotdesk customers?
“At IT Hotdesk we use the management tool ConnectWise rather than Kaseya; therefore, our customers are not under any direct threat from the attack.
“ConnectWise uses an entirely cloud-based solution within their own network which is very well secured. Hackers would have to compromise ConnectWise themselves rather than us to be able to do anything like what they have managed to do with Kaseya.
“Communication between the agents and ConnectWise is fully encrypted with a unique key for each client. Access to the tools requires multi-factor authentication and we are very careful to ensure that our systems are as secure as possible. Nonetheless, we are asking ConnectWise what they are learning and doing to ensure this cannot happen to them in any form.”
What if a member of my supply chain has been attacked?
“Similar to the Coop, your business may be impacted by the attack even though your IT provider does not use Kaseya.
“For example, if your main supplier is attacked and effectively shut down, what impact does that have on your business? Can you still get the parts or services you need to be able to supply your own customers?
“It’s better to be proactive than reactive in these situations. Speak to your suppliers and find out their IT strategy. Have they been audited? How do you know that their systems are in good shape?
“As a business, it's important that you work with suppliers who are aligned to your values, and that have a robust IT strategy.”
What happens next?
“As cyber criminals become smarter, supply chain attacks will become more common and the level of attacks will increase.
“We can’t predict the next crisis but we can prepare for it. Having a business continuity plan will help you safeguard your operations and minimise the disruption to your business and customers.”
If you would like to learn more, please don’t hesitate to get in touch with the IT Hotdesk team by filling in the form below.