Over the weekend, thousands of businesses were caught up in a global cyber-attack that is being blamed on a Russian hacker group called REvil. It is disappointing when geopolitics impacts everyday business, and the reports talk about President Biden ordering a probe. Let us hope that any probe can restrict and reduce ransomware in general.
This attack was delivered through a piece of IT support software called Kaseya VSA, which is used widely around the world, including by a number of NZ IT support businesses. The irony is that this tool is used specifically to manage software patches for organisations to help keep them safe from hackers.
Kinetics does NOT use Kaseya. Neither we nor any of our clients were impacted.
Kaseya is an excellent support product, and is very similar to the tool we use. A number of friendly competitors do use it, and they have been working through guidance from the supplier today. We have offered assistance to them.
Some of the businesses you interact with may be impacted.
So far there are reports of over 1,000 businesses around the world being impacted, and ransoms of between US$64,000 and US$5M being demanded.
It is clever to attack software used in common by many businesses. There are all sorts of shared software like this in use, from antivirus to desktop support utilities, and from remote control tools to more sophisticated platforms like Kaseya. There are common login tools, EDI, conferencing software, reporting and so on, all vital to ensure organisations can be more productive together.
At Kinetics we have been aware of the possibilities of these types of supply chain attacks. We have highlighted them in our security webinars and news posts. We have been vigilant with our software tools and ensured all supplier guideline recommendations are complied with, as part of a layered security web. In the case of the Kaseya attack, it looks like an auto-update feature was exploited. This has reinforced our procedure, which is more proactive and cautious.
There will be lots of lessons coming over the next few days and we can all learn from them.
We’ve been warning about the massively increased cyber-risk environment for some time, and it just got even worse. The risk is real. Every business is a target and at risk. One lesson we can call out is the need for disaster recovery (DR) planning, and being aware of the support tools from all suppliers that are in use on your platform. Every organisation needs practices to reduce risk, and manage intrusion protection and recovery.
We will set up a webinar in a couple of weeks to review this in more depth so we can share our learnings.