By Ben Carr, CISO at Qualys
Ben Carr, CISO, Qualys
Late in the evening of July 2, it became known in the United States that the hacker group REvil attacked 200 companies in the MSP supply chain via Kaseya VSA-an MSP platform that allows providers to perform patch management and client monitoring for their customers. The originally demanded ransom of 70 million US dollars, which has now been reduced to 50 million US dollars, was the largest to date among all known. It comes just a few months after the last record-breaking $ 50 million that Acer was asked to pay. The repeated attacks are a wake-up call to make supply chain security a top priority. MSPs, as in this case, are a lucrative target because they have access to the business-critical data of multiple customers. These data serve as the basis for an enormously high ransom demand.
This trend of ever-increasing ransomware inflation will continue without changing economic conditions. If the possibility of paying ransom ceases to exist, the incentive for ransomware as a criminal enterprise is lost. Part of the problem with increasing the scale and impact of attacks is that threat actors recognize the increasing potential to monetize their efforts. Taking this away, the activity is no longer profitable.
Since REvil Group are Russian criminals who do not attack companies within Russia, it is difficult to distinguish their attacks from a state-sponsored activity. After a long series of serious attacks, this once again underlines that Russia has given free rein to criminal hackers. Without the intervention of law enforcement agencies, there is no reason for these criminal actors not to carry out further attacks. Failure to prosecute can encourage further criminal activity and possibly even drive nation-state activities that would raise concerns about national security.
“It is still important to check exactly which MSP hosts and manages data. While companies and institutions can outsource the work, the risk cannot be outsourced – almost everyone is vulnerable to supply chain attacks. Still, organizations need to ensure they have the right protocols and robust third-party risk assessments in place so they can respond efficiently in advance of such attacks. In this way, you have redundancy options in place in the event of an attack and can switch to an alternative solution with minimal impact on your business, ” says Ben Carr, CISO at Qualys.