The Kaseya Attack Effect
The Kaseya attack demonstrates how cyber crime is a big, organized business. How big? You can subscribe to “Ransomware as a Service” and outsource attacks on your intended targets. How organized? Hacker groups and service providers, such as the REvil Ransomware Group and DarkSide, actively manage their brands and reputations. The REvil attack on Kaseya shows us that cyber criminals are technically advanced and operationally sophisticated. The nature of the attack, and its scope, should scare you.
By using known vulnerabilities in Kaseya’s VSA Remote Monitoring and Management system, REvil was able to create an automated ransomware distribution network. They used the very systems that Managed Service Providers (MSPs) use to monitor and manage customer servers, computers, and networks.
The Impact
MSPs update their Kaseya VSA servers automatically installed the Ransomware on their customers’ systems, as well as their own. Best estimates are that up to 1,500 small and medium-sized companies are victims. While this number seems small, those 1,500 business face an existential threat. Remember: more than half of businesses victimized by ransomware fail within six months.
Most MSPs shut down their Kaseya VSA services before spreading the ransomware. These firms had no ability to monitor, manage, or remotely support their customers. Customers facing IT issues were met with longer diagnostic and resolution times, resulting in business disruption, lost productivity , and the possibility of data loss.
As a managed cloud service provider, Cumulus Global does not use the Kaseya VSA system. Our clients were not at risk, via our services, from this attack.
The Lessons
We were on the sidelines for the Kaseya attack. We understand, however, that the way in which may cloud services are managed create connections between vendors, resellers, partners, and customers. While these connections do not generally provide any access to customer data, they do provide access to management functions and information about users. This information, in turn, could be used to improve the effectiveness of phishing attacks, spoof identities, and gain access to systems.
As a trusted IT advisor and a managed cloud service provider, we are part of a connected supply chain. We take our responsibility to secure our part of that chain seriously. While we follow commercially accepted best practices for security and privacy, the Kaseya attack warns us to step back and re-evaluate our strategy, policies, and procedures.
Our Next Steps
Cumulus Global is conducting an internal review of all of our internal and operational systems, including vendor portals and services we use to order, provision, manage, and support cloud services. As part of this review we are examining our policies and procedures related to:
- Identity management and protection
- Access to the systems
- System level permissions related to function and data
- Roles and responsibilities with respect to security and privacy
- Business continuity plans and capabilities
Through this process, we are challenging our assumptions, re-assessing how we operate security and effectively, and raising our expectations for how well we protect ourselves and our customers.
We will also be making recommendations to our clients, and the broader community, on steps they can take to improve their security profile and protections.
Your Next Steps
As a user of cloud services, and technology in general, have responsibilities as well.
- Understand the scope and best practices for cyber threats and security
- Understand the “CPR” model for
- Communicate & Education
- Protect & Prevent
- Respond & Recover
- Commit the appropriate resources to implement a cyber security program that matches your needs, priorities, and budget.
We Can Help
To assess your cyber security status, discuss your risks and needs, and identify solutions that fit your business and your budget, contact us to schedule a complimentary session with one of our Cloud Advisors.