"The Kaseya Ransomware Attack Is a Really Big Deal"
The Kaseya ransomware incident brings further attention to the importance of improving software supply chain security. Kaseya is a managed service provider (MSP), helping its customers manage their IT infrastructure. The company can deploy software to the systems under management in a way that is almost identical to a software provider deploying an automatic update to machines. Automatic software deployment in the context of software updates is a good thing in normal situations. However, this feature was abused in the Kaseya incident: the Russia-based criminal group REvil hacked into Kaseya's management system and distributed REvil software to systems under Kaseya's management. The ransomware disabled computers and demanded a payment of nearly $45,000 in cryptocurrency per impacted system. The subversion of software delivery mechanisms to install ransomware is an issue that requires further exploration. Another reason Kaseya-like attacks should be of concern is that supply chain compromises are indiscriminate: everyone who installs a malicious update gets the malware. Before researchers and policymakers start looking for solutions, they must examine why supply chain compromise is fundamentally different from most other problems in cybersecurity. This article continues to discuss the Kaseya ransomware incident and why the information security community should worry about Kaseya-like attacks.
Homeland Security News Wire reports "The Kaseya Ransomware Attack Is a Really Big Deal"