Kaseya’s CEO Fred Voccola, in a video message posted at 9:45 am Eastern Daylight Time last night, described a “long, long five days” as he apologized for the continuing VSA outage. He assured customers that Kaseya was taking the incident very seriously and delivered the unwelcome news that the resolution the company was working on would be further delayed. The new release time for a fixed and patched VSA will be 4:00 p.m. Eastern Time next Sunday. While Kaseya was confident that the patches it had developed closed the vulnerabilities exploited by the blackmailers, Voccola said that outside engineers and in-house IT staff recommended putting additional layers of security in place to protect against other exploits they might not foresee. He said he was confident that the upcoming version would fix the issues and confirmed that only the VSA product was affected by the incident.
The company also published a runbook yesterday evening of changes to the on-premises version of VSA, to allow customers to prepare for the upcoming update.
Voccola alluded to “Kaseya Cares,” a program launched in the early days of the COVID-19 pandemic last year. Kaseya Cares provided direct financial and advisory support to MSPs serving small and medium-sized businesses. He said they are now offering similar assistance to companies affected by the ransomware spread by VSA.
A US response to the Kaseya incident is still in preparation.
US President Biden left a consultant meeting yesterday and said, in a short joke as he left the area, that he would “respond” to Russian President Putin about the ransomware attacks on US companies. “Mr Biden’s vague statement when he was leaving for a trip left it unclear whether he was planning another verbal warning to Mr Putin – similar to the one he issued three weeks ago during a personal summit in Geneva – or promote more aggressive options to dismantle the infrastructure used by Russian-speaking criminal groups,” the New York Times reports.
But it is at least clear that the US administration believes that Russia has some responsibility for the Kaseya ransomware campaign, even if that responsibility does not go beyond condoning criminal acts. REvil is not a new group and has been operating for some time without harassment or interference from Russian law enforcement or security agencies. Further evidence that REvil is following its practice of not hitting Russian targets has been presented by Trustwave’s SpiderLabs, whose study of the operation against Kaseya found that its ransomware packages avoided systems that could be identified as Russian.
The Times pairs its report on a response to REvil with a discussion of the US government’s view of the attempt to compromise the Republican National Committee (RNC), apparently by Russia’s SVR. “‘The FBI is working with the RNC to establish the facts,’ said Mr Biden. ‘I’ll know tomorrow what I’m going to do.’” Whether this is a causal link or a mere temporal correlation is not clear, but the focus of the US response is on Russia in both cases.
The BBC quotes experts who say that attempting to compromise the RNC looks like traditional espionage, but that the Kaseya incident is a different and arguably more serious matter overall. The BBC believes sanctions and an agreement that would secure Russian police cooperation against REvil are the two options the US is most likely to make use of. However, cooperation with Russian law enforcement agencies seems unlikely. MIT Technology Review has an account of how previous attempts at such collaboration have failed after initial promises of goodwill.
The US appears to be in a position to try to pay the extortionists and their innovators. At the Geneva summit between Presidents Biden and Putin, red lines were drawn from the US side, and a red line is an or-else proposal. When it’s crossed, as a strategist observed, it is important that the “or else” materialize. The National Interest sees the possibility of a face-saving waffle on the US side, which could claim that the ransomware attack did not affect any of the sixteen specific areas that President Biden told his Russian counterpart should be banned. However, such a waffle seems unlikely. Despite President Biden’s assurances earlier this week that the business impact of the incident appeared “minimal”, the impact of this and other ransomware attacks is too visible, too disruptive to be easily overcome. Both the Washington Post and Lawfare have published explanations as to why the ransomware attack on Kaseya’s customers is grave in scope and in sophistication.
Ilia Kolochenko, founder of ImmuniWeb and a member of the Europol Data Protection Experts Network, commented on the restrictions on retaliation options. He argues that a credible and unambiguous attribution of attacks is essential to formulating a response:
“Counterattacks against sovereign states carried out without a convincing attack attribution based on solid evidence of the original aggression will contradict the Tallinn Handbook and are likely to violate international law. In addition, all attacked countries are likely to take revenge with government-sponsored hacker campaigns that can quickly lead to chaos and national disasters by damaging critical infrastructure such as hospitals, airports, gas or water supply chains. Worse still, Western countries have highly digitized economies that are particularly vulnerable and susceptible to large-scale cyberattacks. After all, many innocent US citizens could fall victim to the escalating cyber war.
“It is important that counter-operations in the digital space do not address the root cause of ransomware: largely ignored cybersecurity hygiene, pervasive negligence and underestimation of cyber risks. The money spent on offensive operations would be better off strengthening national cyber defense capacities, including creating cybersecurity awareness and support programs for SMEs. Finally, in order to catch up with the EU, the US should finally consider implementing the Federal Data Protection Act, which has been expected for over a decade. Prevention, regulation and cyber defense are key for the sustainable protection of a country, while cyber war is a reliable recipe for multiplying losses and not achieving the desired results.”
We also heard from Mike Hamilton, Founder and CISO of Critical Insight, who thinks it likely that REvil purposely avoided the sectors President Biden drew the red line around:
“Also note that in order to hold Russia accountable, we do NOT have to prove that the gang is operating from Russia (we know that), but that the Russian government was previously aware of these attacks. That is a much bigger task. It is likely that the US will take action directly against those involved, but retaliation against the country may have to wait until more information is available. For comparison: We are currently in the process of calling China publicly to launch an exchange attack, and that was it a few months ago.”
We will give the BBC the final say on the prospect of US retaliation. Its article concludes: “With the law in Geneva clear, Joe Biden could feel he needed to act. Certainly the US president, like the US military, has a cyber operation that can more than survive in combat. The question now is to what extent Mr Biden will choose to use it.”
Industry assessment of Kaseya’s preparation and response.
Kaseya’s ability to deal with the attack has been harshly criticized by those who, like the sources quoted in CRN, believe that the company should not have exposed itself to this type of exploit. The Dutch Vulnerability Disclosure Institute says it detected the zero-day in April and immediately notified Kaseya. Kaseya was in the process of addressing the issue when the attack occurred, so the company’s response may have been rather hesitant. It was certainly a little late.
Others have given Kaseya better ratings. Electronic engineering describes Kaseya as “quick reacting” to contain the damage. The company’s public communication about the incident was regular and clear.
Critical Insight’s Mike Hamilton also gave Kaseya high marks: “When it comes to incident response, Kaseya does a good job. The real question is whether the affected MSPs and their customer base can respond well. Good examples are Kaseya’s communication: maintaining, developing a tool to identify compromised versions of the agent, and having DHS and the FBI on the table from the start.”