Finding Community Amongst The Chaos

IT & Security Professionals Come Together in Wake of Kaseya Breach

Friday, July 2, 2021,  was another one of “those days” where things seemed to be quiet heading into a holiday weekend.  Work was settling down, the weather was beautiful, and all was good….  until news broke that there had been another major Supply Chain cyber attack.  This time against the Kaseya VSA product.  The holiday weekend was NOT going to be a relaxing one!

Why Was This Such Big News?

Managed Service Providers (MSPs) are companies that provide traditional IT services on behalf of other companies.  In many cases, these MSPs are responsible for the care and feeding of critical IT components that literally run their Customers’ businesses.  Kaseya VSA is just one of many tools that MSPs utilize to provide these services and, by nature, an attack on the tool represents an attack on many different businesses….  across many different industries.
A Supply Chain attack essentially creates a “Cyber Pandemic.” By successfully planting their malicious agents into the Kaseya software, the REvil team infected a host, who in turn infected thousands of other hosts before seeing or recognizing symptoms of an infection.


Why is this still happening?

Cyber attacks are huge business with Ransomware, alone,  representing tens of billions of dollars in revenue each year.  The bad guys continue to evolve their creativity to find new ways to breach companies…. large & small.  It’s a constant cat & mouse game with the good & bad guys always trying to find ways to outsmart the other side.  And, unfortunately, this is a problem that will not be going away any time soon!

Instead of Division, We Saw Unity

When these types of attacks occur, it presents an opportunity for competing companies to come out of the shadows and start pointing fingers.  “They can’t protect themselves, how can they protect you?!?!” But that’s not what happened.  By now, companies have started to realize that this can (and probably will) happen to anyone. The ones who weren’t impacted by the Kaseya breach may have been better prepared, but it was more likely they were just lucky.
MSPs took inventory of their environments, started reacting accordingly for Customers who may have been impacted, and went onto high alert to make sure no one else was exposed.  However, for MSPs (and vendors that compete with Kaseya) that weren’t wrapped up in recovery efforts, they started reaching out to their competitors offering up time & resources to help out.  Rather than “kicking their competition while they were down,” they stepped up and offered to partner through the storm.  It was amazing to see the community that was truly built out of the chaos!  At the end of the day, we are all better off when companies are more secure!  Some of us are business owners, but ALL OF US are customers, partners, suppliers, etc…. and it’s OUR personal data that is at risk when a company is breached.

What Can We Take Away From This Event?

  • Security will continue to be a major player in business operations for the foreseeable future.  Companies who aren’t taking security seriously are just waiting their turn to be a target.  And they will soon find out whether their business can survive the loss of data, shutdown of business operations, and the impact on credibility associated with a breach… in addition to the real cost of recovery.
  • There is no silver bullet or one-size-fits-all tool to find or block these creative security events.  Much like a carpenter uses a saw, sander, hammer, and chisel to do one job, an IT company will also rely on a series of tools.  But even more importantly, a tool is just a tool — and the best security tool will be rendered useless if it isn’t deployed or configured correctly, updated & tested regularly, or a evaluated against current real world threats.
  • No matter how prepared you are to detect or prevent an attack, backups and the ability to restore are critical in a time of crisis.  When all else fails, you may have to rely on your backups to quickly restore business operations.  When was the last time you verified your backup process and tested to ensure it would be successful if the survival of your business literally depended on it?


How Can Companies Prevent Being A Target in the Next Attack?

  • “An ounce of prevention is worth a pound of cure.” In addition to technical controls that companies can and should be implementing to improve their cyber security posture, there are a series of administrative controls that are just as important. A crisis creates the perfect storm where reactive emotional responses can put a company out of business.  You should never wait until an event occurs to document policies, procedures, and controls to aid in the case of an emergency.  Your Business Continuity and Disaster Recovery Plans are not optional and should be reviewed & updated regularly.
  • You must take a multi-layered approach to security.
  • Vulnerability & patch management is critical to keeping your company off the radar for cyber criminals.  They often search the internet for businesses who are running vulnerable software or hardware that become low-hanging fruit and are easy to exploit.  The best way to not show up in these scans is to be proactive and detect & resolve these vulnerabilities before they can be used against you.
  • Zero Trust is not an easy concept to accept but it is key in protecting against the attacks that we have not yet seen, like the recent Supply Chain attacks.  The idea is to operate much like the old days of the firewall — everything is blocked by default and has to be enabled (or turned on) in order to function.  By not trusting, as a default, additional overhead is put on IT teams to verify changes to an environment (new application version, new or modified IP addresses, etc.) but it also provides protection against malicious changes that are pushed out unsuspectedly.
  • Security Event & Information Monitoring (SEIM) allows a company to monitor for active attacks and evaluate for Indicators of Compromise (IoCs).  In the case of an attack, it is just as important to recognize a breach so you can mount an appropriate response and shut them down, minimizing the exposure to your systems or data.


AlphaONE was created out of the necessity to give Small & Medium Businesses (SMBs) a fighting chance in the world of IT Security.  We have services built around detection, remediation, and monitoring of your company’s assets and will be glad to work with you on a customized Security plan built around YOUR business.  Give us a call (833-ALPHAONE or 334-245-3125) for more information on how we can help protect YOUR future!