© Reuters. File photo: In this illustration taken on July 6, 2021, a smartphone with the words “ransomware attack” and binary code can be seen in front of the Kaseya logo. REUTERS/Dado Ruvic/Illustration
San Francisco (Reuters) - Cybersecurity experts said that a ransomware attack in July, which paralyzed as many as 1,500 organizations by compromising the technology management software of a company called Kaseya, has triggered a race among criminals to find similar vulnerabilities.
Investigators said that an affiliate of a top Russian ransomware group called REvil used two huge flaws in the software of Florida-based Kaseya to break into about 50 managed service providers (MSPs) that used its products.
Now criminals have seen how powerful an MSP attack can be. “They’re already busy, they’re already acting, and we don’t know where we are going,” said Victor Gevers, the head of the non-profit Dutch Institute for Vulnerability Disclosure, which warned of Kaseya’s weakness before the attack.
“This will happen again and again.”
Gevers said his researchers have found similar vulnerabilities in more MSPs. He declined to disclose the names of these companies because they have not resolved all issues.
Managed service providers include companies such as IBM and Accenture that provide cloud versions of popular software, as well as specialist companies dedicated to specific industries. They usually serve small and medium-sized companies that lack in-house technical capabilities, and they often improve security.
But MSPs are also an effective vehicle for ransomware because they have broad access to the networks of many customers. Kaseya’s software serves many MSPs, so the attacks multiplied before Kaseya could warn everyone, quickly encrypting data and demanding a ransom of up to $5 million from each victim.
During the coronavirus pandemic, with the rapid increase in remote work, the MSP business flourished.
Chris Krebs, the first head of the Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. Department of Homeland Security, made ransomware a top priority. He said: “This is how you find the right trustworthy access to the customer’s system.” “Initiating a breakthrough attack is a more economical method. It is also difficult for the customer to defend.”
Bugcrowd Inc, one of several platforms where researchers can report vulnerabilities, has also found security vulnerabilities as serious as Kaseya’s, said Bugcrowd CEO Ashish Gupta, possibly because MSPs are growing so fast.
“The time-to-market requirements are so high that sometimes speed becomes the enemy of security,” Gupta said.
Service providers have been targeted before, most notably by suspected Chinese government hackers who went after large technology companies in a series of intrusions known as Cloud Hopper. https://www.reuters.com/investigates/special-report/china-cyber-cloudhopper
Two years ago, REvil attacked more than 20 municipalities in Texas through a shared provider, but asked for a ransom of only $2.5 million, said Andy Bennett, the state official in charge of the response at the time.
With the REvil extortionists demanding a record $70 million to undo all of the damage from the Kaseya attack, he said, “They are obviously more aspiring now, and their methods are more cautious.” It is not clear how much ransom was eventually paid or how many companies were affected.
The increase in ransomware attacks has led US President Joe Biden to warn Russian President Vladimir Putin that unless the Russian authorities rein them in, the US will take action against the most serious hacker groups operating on Russian territory.
On July 22, Kaseya stated that a security company had developed a universal decryption key without paying the criminals, which led to speculation that Putin had provided help or that US agencies had hacked REvil.
Eric Goldstein, Executive Assistant Director of Cybersecurity, said that CISA is trying to educate MSPs and their customers about the risks and how to respond.
Less than two weeks after the July 2 Kaseya attack, CISA issued guidelines (https://www.cisa.gov/sites/default/files/publications/CISA%20Insights_Guidance-for-MSPs-and-Small-and-Mid-sized-Businesses_S508C.pdf) on best practices for both sides of the equation. CISA also provides free risk assessments, penetration testing and network architecture analysis.
“Organizations need to investigate the security of their MSP,” Goldstein said. “The broader consideration here is that organizations large and small understand the importance of trust relationships between them and entities that are connected to their environment.”