Ethical hacker looks at the how and why behind the Kaseya cyberattack

The recent ransomware attack on Kaseya has demonstrated the very real risk facing organizations today.

Image: — © AFP

News about ransomware continues to escalate and cause concern within the business community, with recent high-profile attacks against global software management provider Kaseya, gas supplier Colonial Pipeline, popular Cape Cod ferry service The Steamship Authority, and JBS, the world’s largest meat company by sales, as major examples.

The attacks highlight ransomware’s ubiquity and effectiveness among the different kinds of cyber threats.

The most recent of these attacks has been against Kaseya. Kaseya is an international company that remotely controls computing infrastructure for over 200 companies.

The Kaseya attack took the form of two incidents. The first was an attack against dozens of managed service providers using a Kaseya VSA ‘0-day’. The second saw the use of the VSA software to deploy the REvil ransomware throughout businesses that were customers of those managed service providers.

As the IT world continues to learn more about the Kaseya ransomware attack, a focus needs to be placed on prevention, according to Casey Ellis, CTO and founder, Bugcrowd.

Ellis explains to Digital Journal why these attacks are becoming more prolific and the best practices to prevent them.

According to Ellis: “The thing I find most concerning about this attack is the coupling of supply-chain techniques to gain access with the incentives and devastating impacts of ransomware, including the encryption and denial of service to systems.”

Ellis draws out a concern in relation to the frequency and scope of these forms of attack, noting: “Something that is immediately interesting about this attack is the fact that only eight months after SolarWinds – a relatively non-destructive nation-state supply chain attack – it looks as though cybercriminals, or smaller financially motivated nation-states, are deploying these techniques.”

Ellis adds, in relation to the rogue actors: “This means they have the resources to create or procure the necessary tooling, possibly out of the proceeds of other ransomware operations. The REvil operators set their ransom between 45,000 and 5 million dollars per organization, and have since released an offer of 50 million dollars to decrypt all systems affected by this attack.”

The historical significance is one thing; actions are another. Ellis explains: “Aside from being the largest ransomware payment in history, this would provide ample capital for REvil to reinvest in progressively better and more invasive tooling for future attacks.” Ellis concludes that any attack is a major concern: “It also raises the topic of whether ‘you’d prefer to get hacked by Russia, or the REvil gang?’ Nation state attacks have national security and economic implications, while cybercriminals tend to be more destructive and impactful to the affected businesses themselves.”

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.
