We’re all well aware of the Kaseya breach by now. But... do you remember their incident back in 2019? Here’s their helpdesk announcement which explains it.
Seems as if they didn’t learn their lesson then. What’s next? Another SolarWinds attack? Or perhaps a revisit to NinjaRMM (2019 breach) or Wipro (2019 breach)?
Then there’s the Dallas-based MSP Tyler Technologies, who were breached in 2020. Remember that one? I do... along with dozens of other examples, each a replica of the previous breach. And once again this happened over a holiday weekend, which increases the attackers' chance of success: while most organizations may have monitoring, internal or as a service, few have 24x7x365 detection and response. (Hint - it doesn't have to be that way.)
If they (and you) don't learn the lessons of history... you are doomed to repeat them.
Anyone who knows me, has heard me speak, sat down with me in a face-to-face meeting, or has worked with London Security over the last five-plus years knows I never trusted these service providers. I stated back in 2014 that we would see service providers being attacked, because breaching one provider lets an attacker impact many of its customers at once. It’s a basic “land and expand” strategy.
As the investigations into this breach evolve, we’ll start to hear:
how Kaseya was breached months ago... and it went unnoticed;
how they’re going to blame it on some unknown zero-day (that there wasn’t any way for them to possibly have prevented);
all sorts of excuses!
But we all know what they say about excuses…right?
“You want to know how NSA attacks you? They quite literally know your network better than you. They know your admin tools better than you. They know your access management better than you. They know your patch status better than you. And they probably know your passwords better than you.”
“In 2020, I would say cybercrime groups probably know your data as well as some of the NSA actors would know your data. They know your network. They know your tools. They know how to use it, and they know where to target. They know where to get it, and they know what data to steal first, then what data to encrypt afterwards.”
Look, the simple reality is that Kaseya spent millions on their security but never bothered to do the simplest of things: actually test their security against a breach. Oh, I know they have done all sorts of audits and vulnerability scans. But... I’ll bet they never ran an actual ransomware risk assessment against their environment to see how it would respond, what alerts would be generated, and whether any of the impact would trickle down to their partners and customers. Why? Because they never thought it would happen to them! Pride before the fall.