The Next Kaseya Breach is Around the Corner
by Michelle Krasniak
While the July 4th weekend meant celebrating the United States’ Independence Day holiday for some, it unfortunately saw companies in at least 17 countries fall victim to the single biggest global ransomware attack on record.
REvil, the Russia-based hacker group, injected ransomware into the networks of Kaseya, an IT Management software company, gaining access to the networks of Kaseya’s customers. This third-party cyber-attack comes on the heels of the group’s attack on the world’s largest beef supplier, JBS, which netted the group an estimated $11 million. Reports say that the hackers are demanding around $45,000 from most of Kaseya’s customers, but due to the number of customers affected, the total amount of ransom they are demanding is an estimated $70 million.
According to Kaseya, up to 1,500 of their 37,000 customers were affected; however, when you consider that 70 percent of those were managed service providers (MSPs), that number has the potential to grow exponentially, as MSPs themselves are vendors to multiple companies. That’s what makes these attacks on third parties so insidious—and lucrative for the perpetrators.
Cyber attacks on third parties are not new, but Target’s significant data breach in 2013 brought them into the headlines. The fact that a third-party vendor (in Target’s case, an HVAC service provider) became an attack vector for hackers was an eye-opening revelation for both organizations and the bad actors targeting them. While companies shore up their own systems and sleep soundly with the idea that their cyber borders are secure, they oftentimes assume that the companies they do business with take the same precautions. And that’s the assumption that can potentially make hacker groups around the world very wealthy.
According to Ponemon, enterprises have an average of nearly 6,000 third-party vendors, with COVID-19 and the rise of digital transformation increasing that number exponentially. The pandemic forced companies to transition to a remote workforce, and hackers took full advantage of the increased number of attack vectors, with the FBI reporting a 500% increase in the number of cyber-attacks in the first months of the shutdown alone.
Businesses don’t operate in a vacuum, and very few operate without relying on another business’s service or product, even if it’s something as simple as having an internet provider. And on the flip side, by being a business you are, by definition, a third party. That means that you’re a potential target simply by having customers of your own. While you may consider yourself to be a “small fish” that hackers don’t care about, the fact of the matter is that hackers don’t discriminate based on company size. In fact, in the 2021 Verizon Data Breach Investigations Report, small (fewer than 1,000 employees) and large (more than 1,000 employees) companies had nearly the same breach occurrence rate at 263 to 307, respectively.
Offense is the Best Defense
Think of third-party cyber security risk management in terms of driving a vehicle with a foggy windshield and dirty windows. You may be able to wipe off enough to keep yourself safe from threats right in front of you, but you still have blind spots all around the vehicle that leave you vulnerable. Danger comes from every direction, and you may not see it until it’s too late to do something about it. The same concept applies to third-party cyber risk. Security teams can struggle to keep up with threats within their own organizations due to limited resources and the ever-changing cybersecurity landscape. Expecting them to have visibility into the security posture of all the organizations that they deal with can be a daunting task. However, with effective third-party cyber security data and ecosystem visibility, the windshield and windows become a bit clearer.
Third parties have become the top attack vector. Implementing a comprehensive third-party cyber risk management strategy that provides you with threat intelligence data on each of your vendors gives you the visibility you need to predict and prevent supply chain attacks. The next Kaseya breach is around the corner. Act now to defend yourself differently.