Glad you found it interesting. I try to look for people who offer realistic alternative views to conventional wisdom. Because, as George F. points out, conventional wisdom is almost always wrong. I love the speech he made looking at 20th century conventional wisdom twenty years at a time. You might have seen it, but for those who didn’t here’s a link.
If I were a fiction writer, I could imagine a fine tale whereby these corporations getting hacked hire some kind digital gunslinger to ferret out these hackers, hunt them down where they live, and terminate them like something out of Blade Runner.
It seems morally satisfying… but I don’t suppose it’s really likely to happen.
We probably live in a world much more like what Philip K. Dick envisioned than most people realize.
Webej
2 years ago
Kaseya looks finished.
Solutions like this show how reactions to threats (immune system) can become vectors of the exact threat that is being defended against.
Diversification in protocols, hardware, and operating systems is often a better shield than centralization of efforts, as in any natural biotope.
If their backup strategies are anywhere as good as they say, they should have older versions of all files that can be recovered pre-infection.
In many cases this is not true even though the technology (Copy on Write, shadow volumes, granular aging out of older file versions) is better than ever.
Webej – this isn’t the first attack of its kind, nor will it be the last. Having recovery points isn’t the issue – understanding the vector by which this occurred and then making sure that it is secure to turn systems back on is.
Yes. But you cannot absolutely guard against any possible vector if you have users, although if you have critical systems these should not permit any connection to internet-connected or removable-media-enabled devices.
However, backups are always a last resort and always will be!
It does not lock all files, it encrypts them, one at a time.
Any file can be recovered, especially if you are using copy on write (new area of disks are being used whenever you write data, so you cannot overwrite previous copies). Who is talking about installing previous software? Re-installing software and stuff should always be possible — it is the lost data that people are worried about when they pay for decryption keys.
I work in IT, although not administrator or security if that counts.
njbr
2 years ago
A week or so after Biden’s statement on (state-sponsored? state-tolerated?) hacking.
Good or bad timing by Russian actors?
LGT
2 years ago
My company is in the industry and uses Kaseya. Thankfully, we were not impacted, but we have colleagues who were.
This is indeed a nightmare scenario for technology management professionals. For managed service providers it’s the equivalent of a natural disaster in every state, simultaneously. The ransomware gang involved knew to launch this on a Friday afternoon before a holiday weekend, a prime time when response would be slower than usual.
First thing to keep in mind is that what happened to Kaseya has happened to other remote management tools (NinjaRMM, SolarWinds, ConnectWise). We’ve been warning our industry for the past five years that this is a matter of when, not if. Vendors like to play this against each other without realizing that they’re equally vulnerable.
At this point we don’t know exactly why some users of Kaseya were impacted and others not. Likely there was a piece of code injected into a recent release of VSA (the core software), and when that software update was run by the user of VSA, the exploit was put in place to be used by the attackers.
Service providers who have higher-end endpoint security solutions weren’t at risk of this impacting their clients. For example, we have a requirement that all clients leverage our security solution, which includes an active SOC component. The SOC was aware of the attack before Kaseya notified us, and had already put mitigations in place for us. Most smaller MSPs (managed service providers) don’t have these solutions in place, don’t pay for 3rd party penetration/vulnerability assessments, and do not take security seriously enough.
Less mature MSPs are going to see significant negative fallout from this.
thimk
2 years ago
Email remains a popular way to infect computers. I think I read that nearly a third to a half of all cyber attacks come from email. Ya think there would be a way to sequester the email function from the rest of the system. This attack was a supply chain attack. Many companies are reliant on one service provider. Might be optimal to decentralize, like they did in past years.
The most popular malicious email attachment extensions are (.zip) and (.jar).
(Source: Kaspersky)
Cyber attack stats for 2021 reveal that the .zip and .jar extensions together make up 37% of all malicious email attachments sent on the web. The next most popular one is the (.exe) extension with 19.5%. Zip files and jar files are extensions that can easily bypass the anti-malware security and restrictions of most email providers.
SusannaAM
2 years ago
If a system is connected to a network, it can be hacked. Rather than trying to identify weak spots in an information system, it would be better to encode data locally with randomized encoding, and back up existing data in the event a system is hacked.
It would not be difficult to embed individual PCs and servers with randomized encoding I/O, so that nothing that is stored on the individual computer can be interpreted without the encoding procedure specific to that unit.
Today, I am celebrating July 4 2024 as “Freedom from Democrat Party Global Warming Lunacy” day!!!
JOIN ME
Jojo
2 years ago
In a networked world as we live in, there is ALWAYS an entry point to many networks. You just have to find it.
Cyber ransom gangs aren’t wasting time focusing on trying to get one person to read a poisoned email any longer. Now they find a common software supplier to many companies, look for a hole in the supplier’s code and then bridge off of that. Smart! And almost impossible to defend against.
Another approach: Find credentials or gain network entry through apps downloaded from app stores that are allowed on companies’ networks.
Apps with 5.8 million Google Play downloads stole users’ Facebook passwords
Researchers uncovered 9 apps that used a sneaking method to pilfer credentials.
The easiest and surest way is to corrupt an IT person using traditional methods (money, blackmail, gambling debts, hookers, etc.) and have him slip in the program.
Curious-Cat
2 years ago
Might be a good idea to knock a couple of battleships out of the military budget and spend a few bucks on cyber defense of our economy. If 40,000 businesses had been attacked with munitions the government’s hair would be on fire. We don’t recognize our real threats and keep fighting the last war. It’s depressing.
I make it a practice never to match wits with an unarmed man.