Skip to content

Hard reflection on the cyberattack on Kaseya

What happened to Kaseya? How can we avoid it?

Imagine being offered an electronic lock for your front door. One that allows you to open the door through a mobile application in the cloud, would you accept it?

They promised that they would never lose the key, that with the app your would be able to open the door remotely and even through a webcam in the peephole, the device will be able to recognize your face and welcome you.

Well, that would be making things even easier, thieves no longer would have to go door by door, breaking locks. A good thief would be enough to break the security of the company that manages the application in the cloud and resell the master key to the highest bidder on the deepweb, this includes criminal groups around the world. Days later, if not the same evening, specialized thieves will enter the houses of the selected clients, because, of course, in addition to the master key, they will have a list of clients with attributes, names and addresses. The cloud company will have to choose between crying, denying everything and declaring bankruptcy. The president of the company (CEO) will probably be the first to sell his shares in a hurry.

Weeks after the thieves almost run out of addresses on their lists, thanks to the webcam and access logs, because through those they will know that there is no one at home, the owners will arrive at their homes and when they arrive, they will not know what happened, among other things because there will not even be, a forced door.

Please don’t laugh, does it look like the script from an upcoming Netflix production? You should know that what I tell you has already happened before, including the CEO selling shares in a hurry.

It may seem like a step back, but making the decision to go back to old-fashioned IT management can be the difference between life and death for a business. Cost reduction, service outsourcing and the culture of “everything in the cloud” leads us inexorably to this phenomenon.

It happened. It’s happening. It is ransomware. It is about encrypting all the information and then blackmailing for its recovery, its decryption.

They enter your house, they take everything and if you want to see it again, you will have to pay a ransom. The information is still there, encrypted, inaccessible. Nothing works and what is worse, if you try something or you don’t pay on time, they will erase everything forever.

This time those affected are not governments or large companies. They are greengrocers, nursery schools, restaurants, dentists… hundreds of small and medium-sized businesses have had to close due to their computer systems being blocked. Again, a ransomware attack that encrypts and locks all the hard drives on your computers. Tomorrow it could be your business… or your own personal mobile. It is connected to the cloud, right?

All the victims had one thing in common: the remote access and patch management software they used at their companies. This software, Kaseya, is sold to managed service providers – outsourced IT departments – which they use then to manage their customers’ networks, usually small businesses. That software, of course, works in the cloud.

The cost of the ransom is not the most important thing, although the figures are not small (we speak of 70 million dollars for Kaseya, an average of 300 thousand USD to each individual affected).

Could it happen tomorrow again?

Absolutely, YES.

The problem is no longer the software itself. It’s not that Kaseya is a bad software or it is poorly made. Probably its level of engineering has nothing to envy to the giants of the industry like Microsoft. Everything can be improved, but that is not the issue.

As it happened with Solarwinds, a security problem led to hackers taking their malicious software inside the client, using the attacked software’s own update system to spread. Like a virus that replicates inside its victim and spreads to relatives, once inside a house, sheltered from heating and blankets. Once the attack perpetrated this way, the company in turn had problems sending the patches to its customers, that is, the patient could not get the medicine that would cure him. For some customers who never responded electronically, they had to call them to tell them the software update procedure.

The problem with Kaseya is that we are not talking about software for large companies, which requires qualified personnel for its operation, but rather a software used to provide services to small companies without technical personnel, or very few, and that cannot manage such an attack.

While Solarwinds is used by government organizations, banks, and companies on the top 500 Standards & Poors (an American financial services rating agency) list, Kaseya is used by small and medium-sized businesses around the world, and the security problem is much more massive and its impact can be even more devastating.

If the attack is directed at a company, and it is successful, it allows taking control of that company. If one service provider is attacked and the attack succeeds, all their customers’ systems can be accessed. That is why the attack on Kaseya is so serious, because Kaseya has tens of thousands of customers around the world due to its SaaS (Software as a Service) model.

Although Kaseya is a US company, affected companies have already been reported throughout Europe, the Middle East, Asia, and South America.

The attack was so successful that companies like Elliptic, which analyze cryptocurrency networks to analyze unusual traffic, are scared by the number of victims who are proceeding to pay ransoms. No doubt, if the attack was a success and made lots of profit, there will be many more.

Can it be helped?

Well, imagine that you’re invited to a barbecue in a garden. Everything is beautiful, it looks like a villa in Italian Tuscany. The temperature is perfect and the aroma of the food is delicious. The wine, the company, everything is fantastic.

There is only one problem, mosquitoes are going to devour you. When you go back home, you will not be able to sleep, you will end up full of bites and will wonder how it is possible.

Something similar happens with Kaseya and Solarwinds. They are fantastic, but, do you see yourself all your life assuming the inconvenience of eating in the countryside? It is not about putting on pants or applying insect repellent. There are wasps, ants, all kinds of bugs in the countryside, attracted by people and the smell of food.

A party in your home kitchen may be less glamorous, but if you just want to eat well and not watch out for mosquito bites, you know the smart thing to do. It will be more inconvenient, even more expensive, but it controls the environment.

The same goes for applications based on the cloud or based on the SaaS model. They have many advantages, but security is not one of them, because you delegate it to organizations that you do not know.

If you rely on IT for your business continuity, you may need to step back and go back to more conservative models. After all, trends go by and the world keeps on running.

References:

https://www.wsj.com/articles/kaseya-hack-ripples-across-europe-as-ransomware-boom-escalates-11625823001

https://techcrunch.com/2021/07/05/kaseya-hack-flood-ransomware/

https://pandorafms.com/blog/es/monitorizacion-y-seguridad/

https://csirt.divd.nl/2021/07/04/Kaseya-Case-Update-2/

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About PandoraFMS
Pandora FMS is a business oriented on-premise monitoring software. It started from scratch in 2004 under open source license GPL2 as a personal project of its CEO and founder, Sancho Lerena; since then it has evolved, becoming a monitoring suite for companies, crossing borders and languages and offering one of the most complete solutions on the market.

Flexibility has been one of the main features of Pandora FMS since its creation; hence its acronym: F for “Flexible”, M for “Monitoring” and S for “Software”.

Pandora FMS goal is to offer an integrated and horizontal monitoring solution for companies, capable of combining information from different sources and departments to offer a single control board of the whole technology of the company, at all levels.

Our main sales office is located in Miami (USA), and our core development team is in our office in Spain. We have partners all around Europe, Asia and South America, and clients in more than 40 countries.