SolarWinds and Kaseya are the two latest cybersecurity firms to infect thousands of their clients with ransomware and other forms of malware. Have you noticed the number of online security “solutions” that come from “The Cloud”? It’s a phenomenon that highlights the convenience of cloud-based applications and our dependence upon them. In the light of the SolarWinds Kaseya cybersecurity failures, how can we trust insecure solutions to boost our online security?
Continue reading to learn more about recent issues that call into question the wisdom of cloud dependence for cybersecurity.
SolarWinds Kaseya cybersecurity failures
It’s one thing to have cool security software. It’s another thing to have cool security software that makes you and your business less secure. In fact, both Kaseya and SolarWinds serve as gateways for hackers to attack thousands of business customers, causing millions, if not billions, of dollars in damages.
Insecure Security Services
Let’s take a quick look at the facts as published by The Guardian:
Hackers infiltrated Kaseya, accessed its customers’ data, and demanded ransom for the data’s return. Making the hack particularly grave, experts say, is that Kaseya is what is known as a “managed service provider”. That means its systems are used by companies too small or modestly resourced to have their own tech departments. Kaseya regularly pushes out updates to its customers meant to ensure the security of their systems. But in this case, those safety features were subverted to push out malicious software to customers’ systems.
Source: https://www.theguardian.com/technology/2021/jul/06/kaseya-ransomware-attack-explained-russia-hackers
Kaseya and its resellers installed cybersecurity software on their clients’ networks only to provide a gateway for hackers to destroy those clients’ businesses.
Do you want to rely on insecure security services? Does that make sense?
The worst ever: Kaseya ransomware attack
Not only was the hack of security provider Kaseya bad, it was the worst ever.
Hackers last week infiltrated a Florida-based information technology firm and deployed a ransomware attack, seizing troves of data and demanding $70m in payment for its return.
The hack of the Kaseya firm, which is already being called “the biggest ransomware attack on record”, has affected hundreds of businesses globally, including supermarkets in Sweden and schools in New Zealand.
Source: https://www.theguardian.com/technology/2021/jul/06/kaseya-ransomware-attack-explained-russia-hackers
SolarWinds Kaseya Cybersecurity Failures
SolarWinds Kaseya cybersecurity failures are grouped together for three reasons. First, two similar online security providers were compromised in the same way. Second, the hack affected thousands of customers who depended on those firms for the provision of cybersecurity. Third, both hacks occurred in proximity to one another.
Kaseya got hacked
Although Kaseya now holds the title for the world’s worst ransomware attack, SolarWinds follows closely behind.
SolarWinds: Hold my beer
Although the SolarWinds attack didn’t match the scale of the Kaseya hack, it came close.
In fact, by hitting the politicians close to home, the SolarWinds hack gained more traction in the news. It also gained more attention from American politicians.
Politicians and bureaucrats care more about damage to the government than they care about damage to small and medium-sized businesses. Guaranteed.
You didn’t hear the U.S. Senate talking about the Kaseya hack, did you? They, however, quickly addressed the SolarWinds cyber incident:
The SolarWinds computer hack is a serious security issue for the United States. The operation has affected federal agencies, the federal courts, numerous private-sector companies, and state and local governments across the country. It is one of the most sophisticated cyberattacks ever conducted.
Source: https://www.rpc.senate.gov/policy-papers/the-solarwinds-cyberattack
In other words, SolarWinds compromised victims that are better known than Kaseya’s victims. Therefore, SolarWinds gets more attention than the Kaseya disaster.
Russians successfully compromised about 100 companies and about a dozen government agencies. The companies included Microsoft, Intel and Cisco; the list of federal agencies so far includes the Treasury, Justice and Energy departments and the Pentagon.
The hackers also found their way, rather embarrassingly, into the Cybersecurity and Infrastructure Security Agency, or CISA — the office at the Department of Homeland Security whose job it is to protect federal computer networks from cyberattacks.
Source: https://www.npr.org/2021/04/16/985439655/a-worst-nightmare-cyberattack-the-untold-story-of-the-solarwinds-hack
Do you see the problem?
By hacking cloud-based IT supply chains, hackers expand their efficiency and their reach.
One hack yields thousands of victims.
Kaseya served as a gateway network for hackers to infiltrate and inflict mortal wounds on thousands of businesses. SolarWinds gave hackers access to Big Tech firms and the U.S. Government.
Learn lessons from SolarWinds Kaseya cybersecurity failures
Let’s start with the obvious: (1) Don’t trust Kaseya with your online security. (2) Don’t trust SolarWinds with your online security.
The SolarWinds Kaseya cybersecurity failures demonstrate that you should never depend on large cloud-based security providers. These firms are too big to provide for the security of their intricate infrastructures. They are built for hackers to attack.
If you think this is the only time Kaseya got hacked, you’re wrong. If you think Kaseya will never get hacked again, you’re wrong.
If you think the SolarWinds Kaseya cybersecurity failures don’t affect you, think again.
Cybersecurity Resellers Targeted
Kaseya serves numerous companies directly with cloud-based network security. The company also distributes its software through Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs). So does SolarWinds.
SolarWinds resellers targeted
That means the SolarWinds and Kaseya cyberattacks affect thousands of client businesses and millions of those clients’ customers.
‘SolarWinds Hackers’ Now Hitting Resellers
Source: https://www.crn.com/slide-shows/security/-solarwinds-hackers-now-hitting-resellers-5-things-to-know
Kaseya-MSP Clients Remain at Very High Risk of Further Targeted Attacks
Here’s what one news outlet has to say:
Kaseya-MSP clients remain at very high risk of further targeted attacks using information gained from an initial ransomware compromise…
Statements from Kaseya’s website and Huntress Labs identify the attack vector exploited as CVE-2021-30116, a SQLi vulnerability in on-premise (client hosted) VSA servers used by Kaseya to distribute services and updates to clients.
Source: https://blog.eclecticiq.com/kaseya-msp-clients-remain-at-very-high-risk-of-further-targeted-attacks-juli12-2021
How to respond to insecure online security
Unless you want your business and your life destroyed, avoid cloud-based online security solutions. Avoid Kaseya. Avoid SolarWinds.
Choose on-premises online security providers and on-premises security software. If you don’t, you will get burned. It’s a matter of when, not if, you’ll get attacked via your security service provider.
Learn more from Simple Online Security
Contact us via email to URGENT@SimpleOnlineSecurity.com, if you need simple, practical, and safe online security support.