Attack on Miami-based IT supplier Kaseya was timed to coincide with the 4th of July celebrations
Hundreds of American businesses were hit Friday by an unusually sophisticated ransomware attack that hijacked widely-used technology management software from a Miami-based supplier called Kaseya, reports Reuters.
“Cyber-attacks against US businesses are increasing at an exponential rate,” said Curtis Simpson, CISO at Armis. ”This attack has been timed to coincide with the 4th of July celebrations, when many businesses will be expecting to see an increase in service usage.”
“It’s a stark reminder that attackers are poising themselves to strike when companies are the least prepared.”
“This incident builds on the recent cyberattacks on critical infrastructure, manufacturing and supply chain companies across the US such as Colonial Pipeline, Molson Coors & JBS to name but a few.”
“US businesses must build greater cyber resilience into their ecosystems and implement better defences against foreign actors if this pattern is not be repeated.”
“Russian actors and other foreign agents are intent on attacking weak links in our nations cyber networks. US businesses must act now to deploy bettercyber security, platforms and protocols if they are to mitigate the risk we face from cyber criminals and rogue states.”
Another supply chain attack
The Kaseya attack comes after last year’s Trojan horse-type hack of third-party software provider SolarWinds.
The attackers changed a Kaseya tool called VSA, used by companies that manage technology at smaller businesses. They then encrypted the files of those providers’ customers simultaneously.
Security firm Huntress said it was tracking eight managed service providers that had been used to infect some 200 clients.
“This is a colossal and devastating supply chain attack,” Huntress senior security researcher John Hammond said, referring to an increasingly high-profile hacker technique of hijacking one piece of software to compromise hundreds or thousands of users at a time.
Because Kaseya is plugged in to everything from large enterprises to small companies, he said the attack had “the potential to spread to any size or scale business.”
President Joe Biden directed federal agencies to assist with the response. “Since Friday, the United States Government has been working across the interagency to assess the Kaseya ransomware incident and assist in the response,” said Anne Neuberger, deputy national security advisor for cyber and emerging technology.
“The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have been working with Kaseya and coordinating to conduct outreach to impacted victims.”