For the cybersecurity industry, 2021 might be remembered as the year of the software supply chain attack. The Kaseya ransomware attack is one of many that have shown the vulnerability of software supply chains and the need to strengthen secure development practices, regardless of industry or company size.
Through the year 2021, ransomware remained a problem for organizations and governments, as evidenced by statistics showing how serious and pervasive the issue has become.
According to CrowdStrike’s 2020 “Global Security Attitude Survey,” there have been upward trends, with the average ransom payment rising by 63 percent from USD 1.10 million in 2020 to USD 1.79 million in 2021. Furthermore, according to the survey, 66 percent of respondent firms faced at least one ransomware attack in the last year, up from 56 percent in 2020.
The State of Ransomware
Threat actors have increased their ransomware operations year after year. However, during the past two years, attacks have become bolder and more sophisticated, with more recent strikes having disastrous results. 2021 also saw cyber-attackers make a record USD 70 million ransom demand after an attack on remote management software company Kaseya. The company had been impacted by zero-day exploitation that affected 1,500 businesses. This supply chain attack rivaled that of the infamous SolarWinds incident of 2020.
In every way, ransomware attacks increased in 2021, and this trend is not expected to slow down in 2022.
Threat actors keep developing new strategies for breaking into systems, intensifying attacks, and applying pressure on victims as they become more brazen. Various advanced technologies and sophisticated techniques support their confidence.
Attacks Against MSPs
A new wave of ransomware attacks against Managed Service Providers (MSPs) raised awareness after the Kaseya ransomware attack. Since they often target people who think they are carrying out ordinary tasks, like email, these attacks are significantly more brutal and difficult to prevent. The issue has grown as hybrid work has become more popular.
The more devices are connected to the cloud, the more challenging it becomes to protect such endpoints from threat actors.
The Kaseya Ransomware Attack
Like the SolarWinds attack, the Kaseya attack highlights the threat posed to a company's supply chain. Even if a company has a robust security program, a supplier's system flaw could leave it open to this kind of attack.
It is becoming increasingly important to lock down environments appropriately. Enterprises must now critically evaluate the claims made by vendors and determine whether the settings they are implementing truly follow the Principle of Least Privilege (POLP) and are restrictive enough to achieve their goals. It is no longer sufficient for enterprises to simply install security software.
VelzArt, based in the Netherlands, was one of the hundreds of organizations affected by the Kaseya attack. Speaking about MSPs as the entry point for the world’s largest ransomware attack in history, Bart van Velzen, Co-Owner of VelzArt, in an exclusive conversation with ITSecurityWire, said,
“For us, 100% successful backups were the most important. This makes a quick restore possible and does not give the hassle of negotiating with a third party. And, of course, keep challenging our suppliers, so they stay fully focused on the security end of their products. We didn’t have the idea that Kaseya did not have this covered, but still, it was not enough in this case. And it is also very important to think about your customers who do not take your advice on backup and security if you still want to supply them with IT services.”
Kaseya has access to enterprise IT networks, which are increasingly interconnected with the Internet of Things (IoT), Industrial IoT (IIoT), Operational Technology (OT), and the Extended IoT (XIoT) to support building automation systems, crucial manufacturing processes, and medical imaging equipment. This access, in addition to its sizable and influential customer base, is likely why the company was targeted. As the XIoT expands, new attack vectors constantly appear because many of these systems weren't necessarily created to coexist harmoniously. As more and more physical systems are accessed online for automation, efficiency, control, and convenience, this will only accelerate.
Supply Chain Cyber Risk
Cyber-risk in the supply chain is complex and affects every stage of a product's lifecycle. The longer and more complicated the lifecycle, the more opportunities it offers to exploit its weakest links. Additionally, as supply chains sometimes span numerous countries and suppliers, one company cannot be solely responsible for security. When developing business continuity strategies, business leaders must examine the security measures taken by their immediate suppliers and how those suppliers manage and mitigate risk with their wider network of suppliers.
Technical service provider Hoppenbrouwers Techniek, based in the Netherlands with around 1600 employees, is another company that was hit by the Kaseya attack. Speaking exclusively to ITSecurityWire, Marcel de Boer, Financial Director of the company, said,
“Thanks to the enormous effort of 200 employees and a good backup system, we were able to recover all servers and all endpoints (which were all over the country) in 2 days. Our systems are now 24/7 monitored by a Security Operations Center. IA is an important part in this monitoring. We constantly keep our workforce aware of any cyber threats. The Kaseya incident made us aware that supply chain attacks can be more harmful than human error. It also made us aware that cybersecurity is not an IT issue and therefore must be on the table of the board.”
Greater Emphasis on Business Continuity and Disaster Recovery
Ransomware threats grew worse for the industry in 2021, and they will undoubtedly do so again in 2022 and beyond. So what are the learnings from the Kaseya attack?
First and foremost, businesses must improve their security posture to better defend themselves from such attacks. This should entail giving business continuity and disaster recovery more attention, as these solutions can be crucial in minimizing the effects of a ransomware attack.
Businesses should monitor and respond to emerging threats. Because supply chain attacks have been demonstrated to be highly damaging, the risks linked to third-party connectivity and integration should be considered when managing the attack surface. The challenge today is that businesses are often driving significant security improvements like these. However, there is a chance that this will change in 2022 and beyond. Any collaboration, whether private, public, or public-private partnerships, will be essential to combat ransomware and other modern cyber threats through 2022 and beyond.