Vectra AI hopes for learning effect after Kaseya ransomware attack



A rethink in management boards and executive offices

The consequences of the ransomware attack, in which criminals cleverly exploited security vulnerabilities in the Kaseya software, are slowly emerging.

Hitesh Sheth, CEO and founder of Vectra AI, hopes that this incident will finally lead to a rethink in management boards and executive offices:

“Part of the job of cybersecurity leaders is to look at individual events and connect the dots. We need to identify patterns, build a bigger picture, and move beyond dire warnings to strategies for a better digital future. The Kaseya ransomware attack, which occurred on the weekend of July 4, is an opportunity, terrible as it was, to connect dots.

The Kaseya attack hit thousands of victims; most, according to the damage report, were smaller companies or institutions with a narrower budget: “dental offices, architectural offices, plastic surgery centers, libraries and so on”. Nevertheless, it made economic sense for the attackers, because Kaseya served as an efficient distribution point for their poison pill software. Kaseya VSA, the company’s widely used SaaS offering for IT automation, became the unwitting delivery system, serving the Black Hats.

Shocking? Not at all. It is the same strategy that was observed in the attack on SolarWinds at the end of 2020. Here, too, a long list of targets was victimized by the infiltration of a SaaS provider. And the apparent actor of the Kaseya attack, Russia-linked group REvil, is also blamed for the ransomware attack on international meat processing company JBS on Memorial Day.

Connecting the points, the conclusions arise by themselves:

  • Hijacking SaaS providers makes mass attacks on small targets cost-effective.
  • Reliance on traditional counter-attack strategies has repeatedly resulted in costly and humiliating defeats. Malware regularly penetrates the perimeters of targets unnoticed.
  • Most companies do not rethink their cybersecurity with half the urgency that would be appropriate now. The similarities between the attacks on SolarWinds, Colonial Pipeline, JBS and Kaseya are clear enough. They provide a clear learning curve to climb. However, by and large, the potential victims do not react.

Procrastination has its charm, and perhaps it lies in human nature. However, it is better to invest in preparation than in post-hoc crisis management. After the SolarWinds attack, Vectra interviewed 1,112 security professionals working in medium to large companies.

Among the security teams, there was a high level of confidence in the effectiveness of their own company’s security measures: almost 4 out of 5 said they had a good or very good view of attacks that bypass perimeter defenses such as firewalls.

But the truth is that no application, network or data center is invulnerable. If a company’s decision-makers are bogged down in false security about their ability to fend off hackers, they are probably not equipped with the necessary tools to succeed.

The Kaseya attack is another reminder that complacency can come at a terrible price. Since the risk of an attack is no longer limited to large, financially strong companies, the incident should trigger new security discussions in more IT departments. SaaS subscription relationships and the security policies of managed service providers should be re-examined. When a company relies on products like Kaseya VSA, it’s only as safe as its vendor. The more companies rely on data storage and SaaS solutions outsourced to the cloud, the greater the vulnerabilities can become.

Last year, it was said that it would take months to determine the full extent of the damage in the SolarWinds attack, just as it does now in the Kaseya ransomware attack. Nevertheless, we should be optimistic that as a digital society we will connect the dots and turn the tide. For years, we have known the benefits of robust network monitoring and rapid detection of unavoidable security breaches. President Biden’s Executive Order of May 2021 makes attack detection, and better investigative and remedial options, a priority for the U.S. federal government. Business leaders worldwide are now challenged to respond to the Kaseya ransomware attack by accelerating their transition to a more effective cybersecurity strategy.

The Kaseya disaster may one day be remembered as a turning point that eventually led to a better security situation. When that happens, the criminals will have done us an unintentional service.”
