Our Response to the Kaseya Attack
With over 60 channel partners, many of whom use Kaseya products, the Kaseya VSA hack and ransomware attack hits close to home. Unfortunately, this is not just one of the many ransomware attacks in the last year, but apparently one of the largest yet.
It is no coincidence that the attack came over the July 4th weekend. It was timed specifically for when the fewest people able to respond would be available at Kaseya or at the targeted businesses.
If you are a Kaseya customer and wondering whether you or your customers were compromised, Kaseya recommends emailing firstname.lastname@example.org with the subject “Compromise Detection Tool Request”, and they will provide you with a compromise detection tool you can run on your systems.
Kaseya is also publishing updates related to the attack here.
Preventing & Mitigating Ransomware Moving Forward
In an interconnected world, preventing & mitigating ransomware attacks is becoming harder. Like the SolarWinds attack, the Kaseya VSA attack is a “supply chain attack”, which means that the software of a vendor your company is using was compromised. It is extremely hard to prevent that kind of attack.
For example, if Windows pushes a malicious update, is there anything we can really do to prevent it?
The Importance of Zero Trust & Protecting Your Most Important Assets
The answer is yes and no. No, we can’t prevent every device in all companies from being infected all the time, but we can make sure that even if they are hit by malware, the damage is limited. Access to important internal resources should be heavily restricted to prevent malware spread. Cloud resources should be protected with 2FA and locked down to dedicated IP addresses like the ones that Privatise provides.
The Challenge of Cloud vs On-Prem
As the world becomes more and more interconnected, a challenge that many businesses face is whether to focus on on-premise software or cloud. In many cases, companies are using a mix of cloud & on-premise resources as they move from legacy to cloud-related solutions.
Kaseya was extremely fast in taking their cloud servers offline. However, their on-prem version became a major vulnerability, as the response was entirely dependent on individual IT teams becoming aware of the issue.
Our recommendation for small businesses that don’t have large IT teams is to expedite going to the cloud. There is no advantage at this point in having 2008 Windows Domain Controllers & legacy software on on-prem devices that are in any case still connected to the Internet and receiving updates. In this case you are getting the worst of both worlds: legacy software & vulnerability to internet-based attacks.
The cloud isn’t perfect. Ransomware attacks can hit synced backup file servers online as well. But shared file servers are one of the most highly coveted and dangerous targets for businesses. If you don’t need them, switch to a cloud file storage service.
Start switching to the cloud versions of your software, rather than the on-prem versions, as well.
Don’t wait to start implementing Zero Trust & Cloud Protection
Businesses need to understand that time is of the essence and start enforcing Zero Trust & cloud protection right away. Solutions like Privatise can help prevent malware and, in the case of an attack like the Kaseya VSA attack, mitigate its impact.