Yet another supply chain cyberattack, now on Kaseya, should worry businesses

Alfred Siew
Last updated: July 6, 2021 at 4:35 PM
Published: July 5, 2021

Not many people outside the IT world, more specifically, the part involved in the “plumbing” or management of how IT infrastructure is run, would have heard of Kaseya until today.

Yet, the United States-based company that helps companies remotely monitor and manage their IT infrastructure is now in the headlines because it has become a victim of the single largest global ransomware attack.

Only 50 to 60 of Kaseya’s 37,000 customers were compromised over the weekend, reportedly by a Russian-based hacker group, but most of these customers used Kaseya’s software to in turn manage the IT infrastructure of thousands of other businesses.

These ranged from Swedish grocery chain Coop, which had its cash register software crippled, to small businesses like dental practices and architecture firms, Kaseya said on Sunday.

What’s worrying is that this is yet another devastating supply chain attack. In other words, hackers have found a way to compromise the companies that help manage the IT infrastructure of hundreds or thousands of other companies.

This gives them access to a larger group of victims. The notorious REvil gang is now said to be asking for a ransom of US$70 million to decrypt the data it has locked up through the attack on Kaseya.

If this feels like déjà vu, you are remembering one of the biggest attacks last year, on another US company, SolarWinds, which helps thousands of organisations manage and monitor corporate networks.

Said to be the work of Russian hackers as well, that attack was used to get into other IT firms such as Microsoft, Intel and Cisco, as well as a dozen US government agencies, such as the Treasury and even the Department of Homeland Security.

That attack was sophisticated, just like the current Kaseya one, because it had to get past some tough defences that well-regarded suppliers would be expected to mount.

But once in, the attackers could not only gain access to the initial victim’s systems, but potentially do a lot more damage to their customers. They could, for example, send out fake updates to other victims that silently open up their computers to infection.

Now, these updates are usually digitally “signed” to make sure they are authentic when businesses receive them. However, hackers have managed to swap malicious code into a real update while it is still being worked on, so that it gets signed and delivered with the malware inside.

This is somewhat like sneaking into a factory and adding a bug into a PC or phone. On the outside, everything is sealed and looks fine, but inside it has been “contaminated”.

In the past, there have been reports of intelligence agencies hijacking shipments of network hardware and implanting chips to track their location and to insert malware.

Today, with everything controlled and run by software, there is no need to resort to such physical efforts. Instead, hackers just have to target companies that supply the software to manage all the hardware, from servers to network routers.

The saying that “software is eating the world” may also be applied to how the world’s infrastructure is increasingly run by software.

This includes public cloud services from the likes of Google, Amazon and Microsoft as well as private corporate network gear and data traffic now managed with Software Defined Networking (SDN).

The reason is that today’s infrastructure is too complex to manage manually or by flipping a hardware switch. Imagine having to head down to each and every branch of a retailer or every lecture hall in a university to update the Wi-Fi routers.

Why not just push the update through a central management console? A “single pane of glass” is what the industry calls this, to control or orchestrate multiple sites or businesses through software. To do so, however, means to keep everything always connected.

This means the management software and its supplier are attractive targets. An exposed supplier – and there are only a handful like SolarWinds and Kaseya – will expose a lot more victims.

The SolarWinds attack, for example, even resulted in much-respected cybersecurity firm FireEye being breached. It was in investigating its own breach, which resulted in the theft of hacking tools used to test client networks, that it uncovered the SolarWinds attack.

This is not to say that businesses should start unplugging their systems and go back to an unconnected world. There is no way things are returning to the old days, as every transaction becomes digital in the years ahead.

What this means is that much more of the responsibility will fall on the shoulders of key suppliers of infrastructure management systems. They are already hardened targets – more shielded than individual businesses running their own systems – but clearly, more needs to be done.

The Linux Foundation, for example, has suggested more scrutiny into the software creation and update process. An independent audit of the components involved could help enhance security.
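
Why a digital signature alone does not catch an update that was altered before signing, and how an independent rebuild of the reviewed components does, shown as an added example (not from the original article or any vendor's code). HMAC stands in for the vendor's real signature scheme, and the key, file names and contents are constructed for illustration.

```python
import hashlib
import hmac

# Constructed stand-in for the vendor's signing key. A real pipeline uses an
# asymmetric signature; HMAC keeps this sketch inside the standard library.
VENDOR_KEY = b"constructed-demo-key"


def build(sources: dict) -> bytes:
    """Toy deterministic build: concatenate components in name order."""
    return b"".join(name.encode() + b"\0" + body + b"\0"
                    for name, body in sorted(sources.items()))


def sign(artifact: bytes) -> bytes:
    """The signing step vouches for whatever bytes the build hands it."""
    return hmac.new(VENDOR_KEY, artifact, hashlib.sha256).digest()


def customer_verifies(artifact: bytes, signature: bytes) -> bool:
    """Customer-side check: was this exact artifact signed by the vendor?"""
    return hmac.compare_digest(sign(artifact), signature)


def audit(reviewed: dict, shipped: bytes) -> bool:
    """Independent audit: rebuild from reviewed sources, compare digests."""
    rebuilt = hashlib.sha256(build(reviewed)).hexdigest()
    return rebuilt == hashlib.sha256(shipped).hexdigest()


def changed_components(reviewed: dict, built_from: dict) -> list:
    """Name the components that differ between review and the build."""
    names = set(reviewed) | set(built_from)
    return sorted(n for n in names if reviewed.get(n) != built_from.get(n))


# Constructed sample: the sources that passed review ...
REVIEWED = {"agent.py": b"collect_metrics()", "updater.py": b"fetch_update()"}
# ... and what the build server compiled after one file was altered.
ON_BUILD_SERVER = {**REVIEWED, "agent.py": b"collect_metrics(); extra()"}

SHIPPED = build(ON_BUILD_SERVER)
SIGNATURE = sign(SHIPPED)

if __name__ == "__main__":
    print("signature valid:", customer_verifies(SHIPPED, SIGNATURE))
    print("matches reviewed sources:", audit(REVIEWED, SHIPPED))
    print("changed:", changed_components(REVIEWED, ON_BUILD_SERVER))
```

The signature check passes because the altered file was already in place when the update was signed; only the comparison against an independent rebuild flags the mismatch.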

The criminal gangs involved also have to be tackled, either through political means as the US government has threatened or through takedowns of the hackers’ own well-built infrastructure and supply chain on the Dark Web.

Yes, hacker groups don’t work alone today. Instead, many often find affiliates to craft various parts of an attack, from testing the defences of a target to extracting the data and sending a ransom note.

Unfortunately, given how divided the world is today, it won’t be easy for governments, say from the US, Russia and China, to cooperate to get the scourge of cyberattacks off businesses any time soon.

Just as they have to plan for a catastrophic event that would upend their operations, businesses have to manage their risks and be ready to recover from a costly attack.

As the saying goes, it’s not whether you will get attacked but how you prepare and respond to it. The risks, to be sure, are growing in a software-controlled, interconnected world.
