By now you’ve probably heard news of the REvil ransomware group – how they’re currently holding over 1,000,000 business computer systems hostage since the July 4th weekend, demanding a cool $70 million to release them. Worse yet, these systems were encrypted by no fault of the business owners themselves, but through a supply chain attack that took advantage of a Microsoft zero-day vulnerability. Hackers used this vulnerability to breach distribution networks of Kaseya (pronounced “kuh-say-uh”) management servers that outsourced IT departments use to regularly patch and update corporate network.
Unlike the Solarwinds attack from last year, REvil is targeting MSP’s (Managed Service Providers) whose business model is focused on providing IT maintenance and helpdesk services to businesses that outsource these responsibilities to a 3rd party. MSP’s are mostly comprised of technical people and we collaborate with them often on projects where security is a concern. So as you may imagine, having one of the core tools used to perform their work become compromise, breaching that hard-earned customer trust has caused quite a stir in the IT community.
CISA and the FBI are both involved in the worldwide incident-handling process for impacted Kaseya customers and are urging all MSPs and their customers to adhere to the following:
Ensure backups are up to date and stored in an easily retrievable location that is air-gapped from the organizational network;
Ensure that all systems are fully patched as soon as possible
Implement MFA and principle of least privilege on key network resources admin accounts
If you’re not in IT, this might sound like gibberish. Simply put, make sure that if hackers do get into your network, they have no way to reach your data backups, that all of those lingering Windows, Java and MS Office patches are installed pronto and that you double check all employee access to files, programs and their computers themselves to ensure they don’t have access to anything more than they need to do their job (least privilege).
What’s the lesson?
In Hawaii, storms happen. Our businesses are not measured on whether they can prevent a storm from happening (that’s preposterous), they’re measured on how fast they can recover and get back to serving customers. In 2021, cybersecurity incidents are the inevitable storm.
Your business is not judged by whether you can prevent an incident, but rather how fast you can recover. A large security incident is an opportunity to prove you are a resilient business and demonstrate how quickly you can restore business operations when “it” hits the fan.
We learned just this morning that the Department of Homeland Security’s Office of Intelligence and Analysis issued a definitive report stating that Ramsomware attacks in the United States are likely to increase. The full report is available here.
As the world begins to emerge from Covid-19, now is the time to be more vigilant than ever. Be sure to check your security posture – is it as straight as it should be? If not, feel free to reach out. We can help.
Stay safe out there