Streamline your cloud experience and maximise your cloud investment with Microsoft Azure-aligned public cloud services.
Host all of your workloads in the most appropriate location while experiencing the simplicity of one cloud from Six Degrees.
Enhance your cyber security and safeguard your organisation with our cyber security strategy and advisory, consultancy, and managed services.
Connect your business through a comprehensive connectivity portfolio delivered via our owned and operated core Next Generation Network (NGN).
Access the smarter, faster technology needed to make the most of your hybrid working future.
Streamline your hosting with comprehensive colocation services delivered from three UK data centres.
Gain clarity and control of your 5G estate, ensuring ongoing cost efficiencies are managed on your behalf through our managed service.
Gain confidence in your cloud direction and achieve accelerated time to value through our assured and optimised cloud services.
Master today’s complex threat landscape and protect your business with our intelligence-led security services.
Videos and webinars are a great way to digest the latest technology insights.
Our eBooks and whitepapers provide in-depth insights from our experts.
Our thought leaders publish regular blogs on up-to-the-minute topics.
Learn all about the latest news from Six Degrees as we continue to evolve.
We host regular in-person and virtual events for our clients.
Learn how we enable our clients to achieve more; providing superior secure solutions, powered by our passionate people.
We are proud to partner with many of the world’s leading vendors, enabling you to leverage our continual investment in difference-making technology.
Learn how CNS at Six Degrees delivers intelligence-led security services that protect organisations in today’s hostile landscape.
We are committed to operating in an environmentally and socially conscious way. Learn more about our commitments as a business.
We are proud of our secure cloud credentials. Learn why we’re one of the most highly accredited providers in the UK.
We are a friendly and passionate bunch here. Whether you want to work with us or for us, we think you’ll enjoy the Six Degrees experience.
Home » Blogs » Kaseya Ransomware Attack: What You Need to Know
Ransomware is one of the most pernicious threats facing organisations today. For some time now, hackers have identified ransomware as the quickest route to money when launching attacks – in 2020, the total amount paid by victims increased 336% to reach nearly $350 million.
The extortion economy is real, and it’s here to stay. But what’s especially troubling is that hackers are evolving their tactics to target larger groups of victims through supply chain compromise attacks. We saw this in last year’s SolarWinds hack, and we’re seeing it again now with the Kaseya ransomware attack.
In this blog we’ll provide an overview of the Kaseya ransomware attack, offer guidance on how to know if you’ve been impacted – and what to do if you have been, and suggest best practice measures to protect your organisation from a threat that isn’t going away.
Let’s get started.
On Friday 2nd July, Kaseya – a company that provides IT management software – announced that it had been compromised by a targeted cyber-attack. Although precise details of the attack are not yet known, cyber security experts believe the Russia-linked hacking group REvil launched the attack. Experts believe hackers used a SQL injection attack against the Kaseya web interface in order to gain initial access. What we do know for sure is that REvil has made a $70 million ransom demand from REvil for a ‘universal decryptor’ – possibly an attempt to get victims to pool together to pay this massive ransom.
Why did the hackers target Kaseya? Well, Kaseya provides software that is used by both end user organisations and managed service providers to manage networks, systems, and information technology infrastructures. By compromising Kaseya and placing malicious code masquerading as legitimate software updates, the hackers have been able to launch attacks that target not just Kaseya but also its clients and their clients, too.
So where are we now? Despite Kaseya CEO Fred Voccola telling the New York Times that fewer than 40 Kaseya clients were directly affected by the cyber-attack, thousands of organisations have been affected by the ransomware distributed through Kaseya’s software.
The Kaseya ransomware attack reflects two concerning trends in the cyber landscape:
Even if you or your managed service provider don’t use Kaseya software, these are trends you should be addressing actively. But what if you or your managed service provider use Kaseya? Let’s take a look at what you should do.
At Six Degrees we don’t use or support Kaseya products, but we appreciate that your organisation – or your managed service provider – may do. Our cyber security experts have put together the following mitigation advice if you think your organisation may be impacted by the Kaseya ransomware attack:
The Kaseya ransomware attack is a developing situation that is moving at pace. If you need support following these steps, want to check that they are still best practice, or believe your organisation may have suffered a breach, contact your Six Degrees Account Manager or visit here.
We believe there are three key take-homes from the Kaseya ransomware attack: the importance of supply chain security, the need to apply zero trust-aligned principles, and the need to proactively detect and respond to events throughout your network. Let’s take a look at these one at a time.
The Kaseya ransomware attack was what is known as a supply chain compromise, as the hackers targeted their victims by first compromising a trusted supplier. This is a big deal for hackers: instead of having to trick individual targets into downloading malicious software, they can package their malicious code in otherwise legitimate software updates that they can simply leave the software provider to prompt its clients into downloading.
The challenge all organisations face is the fact that IT management software in theory has access to all assets on a network. It is essential therefore to understand the depth of this software and how it is used – including whether it is used internally or by external parties; who deployed and configured it; who manages it; and what other protective controls should be operational.
In order to mitigate the supply chain risks you face, you need to audit and monitor your organisation’s supply chain maturity. Supply chain attacks will become more commonplace as they continue to be a successful route to revenue for hackers. You therefore need assurance from your suppliers – especially those that have intimate access to your network – that they don’t pose a cyber security risk to you. Here’s how you can go about doing that.
Your organisation probably outsources a number of services that were traditionally carried out in-house. The supply chain that delivers these outsourced services is typically split into two tiers: tier one suppliers directly contracted by you, and the tier two suppliers that they themselves outsource to.
Right now, there’s a good chance that your tier one suppliers are assessed during the contract onboarding process and then forgotten. Not great, but probably better than the diligence placed around the tier two suppliers.
At Six Degrees, we recommend carrying out continual diligence around your supply chain in order to mitigate the risk of a supply chain compromise causing financial, operational and reputational damage to your organisation. By benchmarking your suppliers against key domains such as compliance and accreditation and technical compliance, you can establish the areas of security weakness within your supply chain that present the greatest threat to your organisation. You can then prioritise remediation activities to reduce this threat.
In incidents like the Kaseya ransomware attack, understanding how much access software has into your infrastructure is essential. It’s also important to establish whether your business continuity plan includes mitigation or contingency actions should an attack like this impact your organisation.
Our Aegis Cyber Security Maturity Assessment features a supply chain assurance module that enables you to do just this. To learn more about Aegis and how we tailor it to enhance your organisation’s cyber security maturity, book an appointment to speak to one of our experts.
Top Tip: our new Supply Chain Security infographic provides nine key questions you should ask to ensure you’ve protected your organisation and mitigated security risks in your supply chain. Download it for free.
If you download malicious code as part of an otherwise legitimate software update in a supply chain attack, how can you detect the compromise and respond to it quickly in order to minimise its impact? There are two methods your organisation can employ that will reduce your attack surface and enable you to minimise the impact of a cyber-attack.
Zero trust is at best the future of cyber security and at worst an annoying buzzword that professionals throw around to sound smart. However, even though its interpretation can depend on who you speak to, its principles are sound. But what exactly is it?
With most organisations in 2021 having to deal with remote users, overlapping multi-cloud environments and Internet of Things devices, security focus is moving away from network perimeters and towards protecting assets individually. Zero trust shifts focus from where you are (on the network or at the perimeter) to who you are (your identity or device), challenging and authenticating every action you take.
Zero trust nirvana is a long way off for most organisations, but the journey to zero trust is one we believe organisations should take. Adhering to best practice zero trust-aligned security principles such as using multi-factor authentication and applying policy-based access to applications will reduce hackers’ ability to expand cyber-attacks throughout your network.
If you’ve heard the term zero trust bandied about and want to understand how it can relate to your organisation, get in touch. In the meantime, though, here’s how Managed Detection and Response complements zero trust to protect your organisation from cyber-attack.
It’s an unfortunate reality that even the most secure organisations are still vulnerable to zero-day vulnerabilities. However, zero-day vulnerabilities are far less damaging if your organisation is able to identify and address the threat sooner. Moving forward, how can your organisation achieve this? Well, that’s where managed endpoint security comes in.
Endpoint security is an approach to cyber security that follows zero trust principles to focus on end user devices — or endpoints. However, the goal isn’t to protect each individual endpoint — desktop, laptop, virtual environment etc. — but the system as a whole. This is done by managing the flow of information between the network and device, centralising security and control while decentralising risk.
Microsoft Defender for Endpoint is an endpoint security system that is able to automatically isolate active threats, minimise risk exposure, and provide advanced attack detection and response capabilities. When configured and managed correctly, this delivers a preventative security system and real-time defence that enables security analysts to prioritise threat alerts, view the full scope of any breaches and act immediately to rectify identified threats.
Put simply, if hackers gain access to your network, Microsoft Defender for Endpoint will generate alerts that identify the suspicious activity. Which is great. But who’s going to manage and act on the alerts the endpoint security system generates? The best security tools can only quarantine an issue and alert you to a problem. It’s then your responsibility to act upon the intelligence you’ve received to eliminate and remediate that treat.
Our Managed Detection and Response service handles this for you. Managed Detection and Response is a fully-managed endpoint protection service that keeps your organisation safe 24×7. Our experienced cyber security experts harness the power of Microsoft’s industry-leading Defender for Endpoint security solution to deliver:
By implementing Managed Detection and Response, you can reduce hackers’ ability to expand cyber-attacks across your infrastructure and minimise the risk of data breach resulting in financial, operational and reputational damage. You can learn more about Managed Detection and Response and book a demo here.
The Kaseya ransomware attack has opened up a real Pandora’s box of cyber security implications, and these touch on some pretty fundamental aspects of your organisation’s operational approach. In this blog we’ve explained the importance of supply chain security, applying zero trust-aligned principles and implementing detection and response capabilities to minimise the cyber risk your organisation faces.
At Six Degrees we have the expertise and the experience to deliver tailored solutions that will enhance your organisation’s cyber security posture. But before we start, we always want to understand your organisation and where you are on your own cyber security journey.
Our Aegis Cyber Security Maturity Assessment will compile a detailed evaluation of your organisation’s cyber security readiness and your ability to address weaknesses, highlighting potential security gaps and making recommendations to reduce vulnerabilities. To learn more about the Aegis Cyber Security Maturity Assessment, or to book your assessment, contact your Account Manager or visit here.
Fortify your organisation’s security posture by evaluating your…
Six Degrees has reinforced its commitment to driving…
Planning for the Future of Cyber Security Today…
More information on our Privacy and Cookies Policy can be found here: https://www.6dg.co.uk/privacy-cookies/. You can update how we contact you in the future by visiting our Communications Preference Centre here: https://www.6dg.co.uk/preference-centre/.
