ChannelLife New Zealand
Industry insider news for New Zealand's technology resellers

Security vendors weigh in as fallout of Kaseya cyber attack continues

By Shannon Williams
Thu 8 Jul 2021

The fallout of last week's Kaseya ransomware attack continues, with fellow security vendors saying the attack is a stark reminder that ransomware continues to be an increasing threat to organisations around the world. 

The attack, which centred on U.S. information technology firm Kaseya, saw up to 1500 businesses around the world affected. The REvil ransomware group, which claimed responsibility for the breach, has demanded US$70 million to restore all the affected businesses' data.

Matt Sanders, director of security at LogRhythm, says the attack is a major reminder that ransomware attacks continue to be an increasing threat to companies, critical infrastructure organisations and government agencies at all levels. 

"This attack is especially dangerous because Kaseya is used by many Managed Service Providers that many businesses trust to handle their IT functions, such as endpoint inventory, patching, and software deployment," he says. 

"With up to 1500 possible businesses affected from the Kaseya ransomware attack, the impacts from the attack will be felt for months to come."

Sanders says recovering from a ransomware attack takes time, and a well-rehearsed incident response plan will prove invaluable should the worst happen. 

"Aside from planning their response to a successful attack, organisations should keep their prevention and detection technologies top of mind by ensuring that they have the appropriate protective controls in place, as well as visibility into what is happening across their environment," he says.

"A properly configured security monitoring solution that has full visibility into the environment with robust automated response capability would help organisations such as Kaseya identify malicious activity and thwart bad actors before ransomware can take hold."

Jeff Costlow, chief information security officer at ExtraHop, says Kaseya is a "terrifying" example of how quickly cybercriminals are adopting Advanced Persistent Threat tactics. 

"In the Kaseya attack, the threat actors deliberately targeted a well-established but little-known software management firm that would allow them access to hundreds of other environments," he says.

"They meticulously researched their target and found a zero day flaw in their software. They then exploited it and waited for a long holiday weekend to detonate their ransomware."

Costlow says the technique parallels almost exactly the techniques used by nation-state adversaries in the NotPetya attack four years ago, which used an exploit in Ukrainian tax software MeDoc, and, more recently, in the SolarWinds SUNBURST attack.

"Both NotPetya and SUNBURST used exploits in software that was widely used but little known to the public to disseminate malware on a massive scale," he says.

"Both waited for national holidays (the former in Ukraine, the latter in the US) when many were out of the office to detonate their attacks.

"The fact that techniques that were once the dominion of the most advanced nation states are now being used to extract multi-million dollar ransoms should serve as a stark warning for every organisation and every software vendor," Costlow says.

"The threat of sanctions or other diplomatic repercussions is of no concern to cybercriminals that operate outside the bounds of any government," he says. 

"Ransomware is now an advanced persistent extortionate threat, one that's far more calculated than opportunistic."

Srikant Vissamsetti, senior vice president engineering at Attivo Networks, says attackers steal and destroy information as part of their attacks, whether they seek to move deeper into the system or to hold data for ransom. 

"Since Kaseya VSA runs on all endpoints and servers, this compromise provided the ransomware operator access to all systems without requiring any lateral movement," he says.

"Organisations need functions that hide and deny access to local files, folders, removable storage, network or cloud shares, local administrator accounts and application credentials. 

"By denying attackers the ability to see or exploit critical data, organisations can disrupt their discovery or lateral movement activities and limit the damage from ransomware attacks."

Corey Nachreiner, CSO at WatchGuard Technologies, says the Kaseya ransomware attack underscores the importance of multilayered security for MSPs as well as enterprises.

"While novel attacks like this are impossible to predict, having protection across networks and endpoints can help minimise the worst effects until patches and other measures can be taken."

 
