Over the holiday weekend, a major player in the IT industry suffered an attack that ended up crippling the technology infrastructure of potentially thousands of companies around the world. The company, Kaseya, provides Remote Monitoring and Management (RMM) tools used by many IT departments and Managed Service Providers (MSP) to monitor the health of their computers and servers, and remotely access them for support and maintenance. The attackers were able to use a flaw in Kaseya’s RMM tool to place ransomware on computers with the Kaseya agent installed on them.
As with the SolarWinds hack last December, this is an example of a supply chain attack. The companies suffering from the ransomware attack are often several degrees of separation away from the company that is the vector of the attack: “SmallCompany, Inc” contracts IT services to “MSP, LLC,” who purchases RMM tools from Kaseya and installs them on “SmallCompany, Inc’s” workstations and servers. Kasaya fell to an attack, giving the attackers full access to all the computers where “MSP, LLC” had put the Kaseya software.
Now more than ever, it’s imperative for businesses at every junction of a supply chain to have security processes and procedures in place to protect themselves and one another, and require proof of those controls as part of doing business. Things like endpoint protection, secured backups, security monitoring, incident response systems, and cyber insurance are all positive steps towards protecting your business and your clients, as well as speeding up recovery should an attack succeed. If you don’t have documented security practices, now is the time to start creating them.