A new type of ransomware tsunami has hit hundreds of companies

It was probably inevitable that two of the major cybersecurity threats of the day, supply chain attacks and ransomware, would be combined to cause havoc. That is exactly what happened on Friday evening, when the notorious criminal group REvil encrypted the files of hundreds of companies at the same time by abusing widely used IT management software. And that is likely just the beginning.

The situation is still developing, and some details, most importantly how the attackers first got into the software, are unknown. But the impact has already been severe and will worsen given the nature of the targets. The software in question, Kaseya VSA, is popular among so-called managed service providers (MSPs), which run IT infrastructure for companies that would rather outsource that work than handle it themselves. This means that if you successfully compromise an MSP, you suddenly have access to its customers. It is the difference between cracking safe deposit boxes one by one and stealing the bank manager's skeleton key.

So far, according to security company Huntress, REvil has hacked eight MSPs. The three that Huntress works with directly account for 200 businesses that found their data encrypted. It does not take much extrapolation to see how much worse it gets from there, especially considering Kaseya's ubiquity.

“Kaseya is the Coca-Cola of remote management,” says Jake Williams, chief technology officer at incident response company BreachQuest. “As we go into a holiday weekend, we won't know how many victims there are until next Tuesday or Wednesday. But it's monumental.”

The worst of both worlds

MSPs have long been a popular target, especially for nation-state hackers. Compromising them is a terribly efficient way to spy, if you can manage it. As a Justice Department indictment showed in 2018, China's elite APT10 spies used MSP compromises to steal hundreds of gigabytes of data from dozens of companies. REvil itself has previously used MSPs as a base of operations, compromising a third-party IT company to hold 22 Texas municipalities hostage at once in 2019.

Supply chain attacks are also becoming more common, most devastatingly in last year's SolarWinds campaign, which gave Russia access to several U.S. agencies and many other victims. Like MSP attacks, supply chain hacks have a multiplier effect: a single tainted software update can infect hundreds of victims.

You can begin to see, then, why a supply chain attack aimed at MSPs can have exponential consequences. Throw ransomware into the mix, and the situation becomes even more untenable. It is reminiscent of the devastating NotPetya attack, which also used a supply chain compromise and initially looked like ransomware but was in fact a nation-state attack by Russia. A more recent Russian campaign also comes to mind.

“This is SolarWinds, but with ransomware,” says Brett Callow, a threat analyst at antivirus company Emsisoft. “When a single MSP is compromised, it can affect hundreds of end users. And in this case it seems that multiple MSPs are compromised, so …”

Williams of BreachQuest says REvil appears to be demanding the equivalent of about $45,000 from victim companies, payable in the cryptocurrency Monero. If they don't pay within a week, the demand doubles. Security news site BleepingComputer reports that REvil has asked some victims for $5 million for a decryption key that unlocks “all of your encrypted network computers,” a demand that may be aimed at MSPs rather than at their customers.

“We often talk about MSPs being the ‘mother ship’ of many small and medium-sized businesses and organizations,” says John Hammond, chief security researcher at Huntress. “But if Kaseya is successful, the bad actors have put all the mother ships in jeopardy.”
