On July 2nd, what’s considered the biggest ransomware incident to date paralyzed Kaseya and up to hundreds of other businesses in its supply chain. The attacker, a Russia-based group named REvil (Ransomware Evil), used a supply chain attack that leveraged users of Managed Service Providers (MSPs). Not all MSP users have been compromised, but an estimated 1,500 companies have been locked out of their computers, allowing REvil to demand a 70 million ransom in Bitcoin. According to the Washington Press, the Kaseya supply chain attack is revolutionary in terms of ransomware hacker sophistication.
A supply chain attack is a type of cyberattack that seeks out vulnerabilities and weak links in the supply network, breaches legitimate third-party processes, and allows malware to travel from the compromised supplier to the supplier’s clients. This is how the culprits behind Kaseya could target such an overwhelmingly large number of businesses. In general, supply chain attacks target smaller companies with less robust security infrastructure, which indirectly gives the attackers access to larger businesses that typically have more robust security and are harder to penetrate directly.
According to John Hannon, a senior cybersecurity researcher at Huntress, a procedural supply chain attack was used to compromise Kaseya’s VSA, which is used in MSP platforms. MSPs supply IT and monitoring services to 3rd party users, which gives each MSP administrative access to the networks and endpoints of the thousands of businesses it serves. When the MSP is compromised, all clients are compromised.
The Kaseya incident has proved that an MSP infrastructure can become a large pivot platform for hackers to penetrate SMBs if the MSP infrastructure itself is not constantly scrutinized and tested for cracks. This is especially true during a 3rd party application integration process, which can allow this type of supply chain attack to spread from company to company like wildfire.
To address the growing targeting of MSPs, late in 2019, NCCoE (National Cybersecurity Center of Excellence), under NIST, launched a few initiatives to improve the cybersecurity posture of MSPs. In their practice guide, Asset Management and Risk Assessment is identified as the 1st scenario for MSPs to address.
However, Asset Management and Risk Management pose special challenges to MSPs because of the larger number of assets they own and the variety of 3rd party software integrations they conduct. MSPs need a simple, scalable, and automated tool to help them continuously assess the risk and security posture of the entire infrastructure.
RidgeBot is an ideal, scalable, automated penetration testing tool for assessing the security posture and finding weak links in an MSP infrastructure. Learn more about RidgeBot by watching this demo.