A new assault has appeared, this time targeting a Miami-based firm that provides technology management tools to businesses all over the world. The assault on software provider Kaseya is said to have impacted hundreds of enterprises in Sweden, including a railway, drugstore network, and supermarket chain.
The assault targets a Kaseya product called VSA, which allows small and medium-sized organizations to remotely monitor their computer systems and automatically handle periodic server maintenance and security upgrades, among other things.
“We have been advised by our outside experts, that customers who experienced ransomware and receive communication from the attackers should not click on any links — they may be weaponized,” the company said in its most recent alert, adding that it’s working with the FBI to address the cyberattack.
The hack hit less than 40 clients, but some of them are managed service providers, who may provide IT solutions to hundreds of organizations. Due to the incident, Coop, one of Sweden’s major food chains, had to close at least 800 of its stores. Kaseya claims that at least one of its products is used by over 40,000 organizations throughout the world, albeit not necessarily the VSA service.
“The global Kaseya attack is a reminder that the public and private sector need to change the way cyber conflict is fought. The truth is that attackers still enjoy the advantage. The goal isn’t to block and prevent all attacks — operations like Kaseya and SolarWinds demonstrate that’s not always possible – but rather, the goal is to quickly detect suspicious or malicious activity, and ensure you have the visibility, intelligence, and context to understand and remove the threat,” said Lior Div, CEO and Co-founder, Cybereason.
Kaseya’s technical teams are available round the clock to assist impacted end users, clients, and MSPs in navigating the cyber insurance process as well as dealing with federal and state authorities from a legal standpoint. When it comes to technological response, the firm has also been able to help and offer value to victims.
“Supply chain attacks should be top of mind for all companies, including those using MSPs. It’s essential to do due diligence on who is hosting and managing your data. While you can outsource the work, you can’t outsource the risk — almost everyone is susceptible to supply chain attacks. Still, companies need to make sure they have the proper protocols and robust third-party risk assessments in place ahead of these attacks so they can respond efficiently. This way, if there is an attack, you have options for redundancies ready to be put in place, and you can pivot to an alternative solution with minimum impact on your business,” said Ben Carr, CISO, Qualys.