Industry Updates

2019 was ScreenConnect. 2020 was Solar Winds. 2021 is Kaseya.

Image by nck_gsl from Pixabay

Don’t Let Your Client Be Next.

  • Why the Kaseya Ransomware Attack Is a Story About Onions
  • The Kaseya Attack Reminds Us That Cybersecurity is About Layers
  • When it Comes to MSPs, Prevention Eats Recovery for Breakfast
  • The Kaseya Ransomware Attack Could Have Happened to Anyone

They say the best offense is a good defense. But the inverse is also true in cybersecurity. A great defense includes offensive measures–like prevention, detection, and real-time monitoring.

Ransomware attacks and third-party breaches remind us that cybersecurity is a team sport. We all play a role in keeping hackers away from our doorsteps. Yet the aftermath of REvil’s attack on Kaseya serves as a cautionary tale for MSPs and SMBs alike. The moral of the story? Recovery is not the answer, prevention is.

The Fireworks Happened Online This Year

July 2nd’s holiday weekend was cut short for many. Hundreds of businesses received notifications of a breach to Kaseya’s VSA, a remote monitoring and management (RMM) tool. The culprit? Ransomware gang REvil, which leveraged their signature exploit of exposing the PowerShell vector and dropping a malicious payload.

As news spread amongst the cybersecurity community, everyone rushed to shut down their VSA servers. Some dialed up their MSP partners to find out if they had been infected. Others started combing through client desktops for signs of compromise

The lucky few that invested in multiple layers of security to protect their endpoints slept peacefully. Their advanced, proactive defenses paid off, preventing the compromise from ever conceptualizing and mitigating any potential damage. How?

Onions Have Layers

Securing the cloud may seem abstract or complex, but the same principles apply as a physical environment. Every device on your network and the Internet is comprised of the same 7 layers:

  • Hardware: servers connected by physical cables to switches and routers
  • Data Link: protocols and broadcast domains, most commonly Ethernet
  • Network: routers and IP addresses
  • Transport: TCP, UDP, SSL, and TLS
  • Session: the flow of information between two devices
  • Presentation: recognized files or payloads that are sha
  • Application: the app being used on network, like Google Chrome or Internet Explorer

Typical protections end at layer 4, leaving MSPs and their clients responsible for securing 5 through 7. This often requires firewalls, script control, and behavioral analysis. Although it may sound expensive, it doesn’t have to be. Even more importantly, the juice is worth the squeeze.

The Risk and Reward Equation

We’ve seen three general types of responses stemming from the incident on July 2nd:

  • Invest in the next shiny object
  • Indulge in complacency
  • Build a foundational strategy to reduce risk

Headlines of yet another supply chain ransomware attack has everyone worried, and rightfully so. Still, it’s better to properly vet partners and avoid purchasing snake oil. Breach remediation services and insurance only help once the damage has already been done. Not to mention they often come with hidden costs. We must be wary of those taking advantage of the current situation, leveraging fear to disguise patchworks of reactive product offerings as complete solutions.

When it comes to your business or client’s bottom line, we recognize that cybersecurity strategy boils down to a simple equation. Risk and reward. Similar to investing, wearing a seatbelt, or locking your doors.

The cloud has made it possible to store and share information, operate in remote environments, and collaborate efficiently. Yet it also invites vulnerabilities that hackers are constantly trying to exploit. Which means it’s not longer a matter of if you’ll get attacked, it’s a matter of when.

The bad guys only have to get it right once. Your IT security has to get it right all the time. By the time a cyber threat becomes a news story, it’s too late. Trust has been eroded, financial losses become apparent, and backups can only do so much.

A Path to Least Resistance

Good news is that the advent of deep learning and AI applied to information security has enabled businesses to scale their defenses without breaking the bank. When paired with expert monitoring and experienced security operations center (SOC) teams, you can feel confident that your data and client’s assets are protected.

In other words, we can do more with less by looking past the tools and tapping into a proactive mindset. One that is centered around prevention and protection, powered by the latest technology and greatest expertise.

We believe MSPs should not shoulder this responsibility alone.There’s just too much to keep up with, and we’ve seen what can happen to those who did the best they could but came up short. By finding the right partner, MSPs can get back to focusing on what they do best; supporting their customers’ technology needs and growing their client base.

The era of “set it and forget it” is coming to an end. No one should stand alone against the onslaught of cyber threats headed our way, and taking a proactive stance is the only way to win. So I leave you with a parting question: who are you trusting to watch your back?

Rob Boles, CEO of BLOKWORX

 

BLOKWORX has been at the forefront of IT cybersecurity since 2006, partnering with industry-leading entities like Deep Instinct and Palo Alto Networks to ensure MSPs and their clients are protected. Reach out to our security experts to learn about MAED, our award-winning endpoint protection that uses deep learning and AI.

Appendix and Notes

https://www.zdnet.com/article/kaseya-ransomware-attack-what-we-know-now/

https://www.bleepingcomputer.com/news/security/kaseya-patches-vsa-vulnerabilities-used-in-revil-ransomware-attack/

https://krebsonsecurity.com/2021/07/kaseya-left-customer-portal-vulnerable-to-2015-flaw-in-its-own-software/

https://www.scmagazine.com/home/security-news/ransomware/kaseya-announces-breach-detection-tool-in-vsa-fight/

https://www.kaseya.com/press-release/kaseya-responds-swiftly-to-sophisticated-cyberattack-mitigating-global-disruption-to-customers/

https://info.deepinstinct.com/tof/ransomware-prevention?_ga=2.249394887.1316346858.1627221088-259690269.1627221088