Managed services providers (MSPs) offering Security as a Service are finding themselves in a precarious situation after the Independence Day weekend ransomware attack on Kaseya VSA, a remote monitoring and management (RMM), endpoint management and network monitoring solution.
Kaseya reports that at about 2 p.m. on July 2, 2021, its team was alerted to the attack and shortly afterward shut down its VSA servers. Kaseya points out that swift action by its team and partners in forensic investigations minimized the impact of the attack—MSPs using Kaseya manage IT at approximately 800,000 to 1,000,000 small and medium-sized businesses (SMBs), but the ransomware attack impacted only about 50 MSPs and 1,500 of their customers.
On July 11, Kaseya released the patch to VSA On-Premises customers, the MSPs and other solution provider businesses that were impacted by the attack, and also released Version 9.5.7a for both VSA SaaS and On-Premises.
After the attack, MSPs are walking a thin line between not missing opportunities to provide security solutions to businesses that really need them and not appearing to capitalize on the misfortune of the victims. Few people missed the news of this latest ransomware incident, billed as one of the largest in history and with an initial ransom demand of $70 million, so even if you’d rather avoid the topic on your next sales call, you probably can’t.
“You have to talk about it,” says John Hammond, Senior Security Researcher at Huntress. “It’s best to be fully transparent and communicate.”
It may take some time to explain to businesses exactly what happened in the Kaseya ransomware attack—especially if they aren’t familiar with the tools that MSPs use for remote monitoring and management. “Some people may not know which tools you use,” Hammond comments.
Your clients need to know that some of the software you use gives you access to their networks and the endpoints you monitor for them.
With Great Power Comes Great Responsibility
The Kaseya VSA attack is a reminder that the access that enables you to deliver services efficiently to your clients can be the target of ransomware attacks. Of course, you must do all you can to strengthen your operation’s and your clients’ cybersecurity strategies, but Hammond stresses MSPs must do more.
“Hold vendors of any product or solution you use accountable,” he says. In the current cyberthreat landscape, it’s crucial to ask how often vendors conduct code reviews and vulnerability assessments on their software solutions.
Hammond also suggests asking vendors to institute a bug bounty program, which incentivizes members of the user community to “stress test” products and validate their security.
He adds, “Be in the mix and stay informed of new threats. We need to make sure everyone is involved.”
A Practical Approach to Security as a Service
The Kaseya VSA supply chain attack may also be a good conversation starter about the best approach to cybersecurity.
“Prevention is hard. There is no silver bullet,” says Hammond. “It’s more practical to understand the threat and stop it as soon as you can.” Also, work with your customers on their plans to respond, recover and remediate following an attack.
Hammond reminds MSPs, “Cybersecurity is never solved. It’s something you have to earn every day. Security isn’t ‘set it and forget it.’ It’s an active fight.”