Another Week, Another Hack: Kaseya

The latest event hitting the news is about a company most of you have probably never heard of before, Kaseya, and how they got hit with a ransomware attack.

Who or what is a Kaseya?

Well, the average person, unless they work in IT or a related industry, likely has no clue.

Kaseya, a US-based company, produces a range of software widely used by IT service providers (MSPs), the most prominent of which is VSA, or Virtual System Administrator. VSA is remote monitoring and management (RMM) software: an agent on each managed computer reports back to a central VSA server, from which the provider can monitor its clients' machines, push updates and scripts to them, and remotely access them. That last part matters below: whoever controls the VSA server can run whatever they like on every computer it manages.

Pretty ironic, right? The guys doing the securing are the ones who got hacked? Well, not really, if you think about it. Who would you target if you wanted to cause the most digital carnage? Right. It's all coming together now.

Basically, by compromising software like this, the Russia-linked ransomware group REvil can reach the many companies that the IT service providers support. That's why the news keeps calling this a "supply chain attack": hack just one thing, and then get access to potentially thousands more. In this case the attackers didn't need to break into each client separately; they used the VSA server's own update mechanism to push a malicious "hot-fix" out to the managed computers, which then encrypted them.

Think of it this way: if a burglar could learn to defeat the one type of lock that guards the most homes, they'd probably start there. REvil is a well-resourced group, so VSA and similar remote-management products are likely right in its crosshairs, along with those of the countless other hacking groups out there. Suppliers of this kind of software need to be on their A+ game and spare no expense when it comes to security.

So, how'd this happen?

Well, those details are still a bit hazy. There are reports that the on-premises VSA server had a vulnerability that security researchers privately reported to Kaseya months earlier, and that a fix was still being worked on when the attack hit. As unpatched vulnerabilities go, particularly high-value ones, this one got exploited before it got fixed.

The hackers were pretty smart about timing, too. They struck on Friday, July 2nd, the start of the 4th of July holiday weekend, knowing many people would already be on or getting ready for a long weekend and slower to notice and respond. REvil is now demanding a $70 million payday for a universal decryptor that would unlock every victim's data. Ouch, that's gotta sting.

Who got hit?

Swedish supermarket chain Coop had to close roughly 800 stores because its checkout systems were taken down by this. Beyond that, not many victims have been named, but Kaseya estimated that fewer than 60 of its direct customers were compromised and that between 800 and 1,500 businesses downstream of them were affected. While this is no consolation to those affected, damage was limited to providers running their own on-premises VSA servers, and Kaseya told those customers to shut their servers down immediately. The hosted and SaaS versions of the application are allegedly in the clear, for now.

Those hosted instances are still down as of this writing, over a week and counting; Kaseya says it took its SaaS servers offline the same day as a precaution. It hasn't been made known whether the hosted clients got by because of the enhanced security the hosted product offers or simply because the servers were shut off, and kept off, before anything could be affected. Guess we'll see what happens when they finally come back online.

What happens from here?

Well, there'll be a ton of money spent on forensic investigations and some finger pointing. If it shakes out like most of these do, those paying for the investigations will blame poorly secured, self-hosted servers. Now, I'm not saying adhering to best security practices isn't paramount to the job these days, but I'll reserve judgement until more information is released about the alleged unpatched vulnerability in the software.

Will many IT providers try to flee Kaseya? Potentially, but this can happen to any of the alternative solutions, and likely will. Unless you're ready to stay offline, you need to stay on top of this stuff.

Do I think hosting such things yourself is a good idea? Absolutely not. No matter how skilled and diligent you try to be, you can't compete with the resources of a hosted solution. Especially in light of what just happened, they're likely going to go over the top with new security measures.

All you can continue to do is maintain best practices including:

  • Strong passwords with two-factor authentication, especially on remote-management and administrator accounts
  • Keeping systems patched and up-to-date
  • Using third-party monitored next-generation security software (endpoint detection and response)
  • Implementing firewalls with next-generation threat management, and keeping management consoles like VSA off the open internet

So, that sums up what we know about the Kaseya hack thus far. Get in touch with us if you have any questions, comments, or updates!

Click here to schedule a free 15-minute meeting with Stan Kats, Founder and Chief Technologist.

STG IT Consulting Group proudly serves Greater Los Angeles and surrounding areas for all of your IT needs.
We look forward to meeting with you!
