The most recent ransomware attack on software company Kaseya hit small businesses particularly hard, targeting companies that often have few resources to defend themselves and pointing to longstanding vulnerabilities.
The attack was made worse during the pandemic as cyber threats against small businesses multiplied and companies struggled to stay afloat.
“If big companies don’t get the basics right, it’s negligence,” Kiersten Todt, executive director of the Cyber Readiness Institute, told The Hill.
“When small businesses don’t get the basics right, it’s often because they don’t have the resources, knowledge, or training,” added Todt.
The small business concern was revealed last week following the attack on Kaseya that affected up to 1,500 companies using the services of Kaseya customers.
The attack was attributed by cybersecurity experts to Russia-affiliated group REvil.
“Many of Kaseya’s customers are managed service providers who use Kaseya’s technology to manage IT infrastructure for local and small businesses with fewer than 30 employees, such as dental offices, small accounting offices, and local restaurants,” Kaseya said in a statement on the attack last week.
The hacking group initially asked for the equivalent of $70 million in Bitcoin to provide companies with a universal decryption tool for their networks, but later lowered this price to $50 million, with individual companies allowed to negotiate a much lower amount.
Charles Carmakal, FireEye’s senior vice president of Mandiant Advisory, told The Hill that the hackers were likely “frustrated” by the attack, adding that it was “financially successful” as the number of small businesses was by the day Life was less important if operations were taken.
The attack came at the end of a brutal year for small businesses, many of which temporarily closed their physical doors and relocated businesses online during the pandemic. This made the companies, often understaffed and inadequately prepared about cybersecurity, a tempting target for hackers looking to make money by attacking vulnerable organizations.
“Malicious actors have surely recognized that the opportunity for social engineering has increased exponentially as everyone is online, and across the board, you saw the tradeoffs and vulnerabilities that were exposed,” said Todt.
Spencer Ferguson, CEO of Utah-based managed service provider Wasatch IT, told The Hill that his company’s workload “doubled during the pandemic when we helped our customers work from home.”
Ransomware attacks have been a particular problem for businesses of all sizes, especially last year as hospitals, schools, and government organizations have been attacked and forced to either pay the ransom or spend a long time and even more money on recovery.
While the federal government recommends not paying a ransom, many companies choose to do it because of the increased financial risk if it is not paid.
“They’re really investigating some prolonged business downtime, and then things can get very expensive or the cost is so high that companies could go out of business, so we’re seeing a number of answers,” Vince Voci, vice president for cyber politics at the US Chamber of Commerce, told The Hill.
The Biden government is aware of threats to US businesses following the Kaseya ransomware attack and previous ransomware attacks on Colonial Pipeline and JBS USA in May.
White House press secretary Jen Psaki told reporters last week after the Kaseya attack that the incident “underscores the need for businesses and government agencies to focus on improving cybersecurity as well.”
Congress also noted the need to strengthen security for small businesses.
Last month, Sens. Marco Rubio (R-Fla.), Chris Coons (D-Del.), John Kennedy (R-La.) and Raphael Warnock (D-Ga.) reintroduced legislation to protect small businesses from cyberattacks, in particular by requiring credit reporting agencies to be more transparent to smaller businesses about data breaches.
Rubio on Friday underscored his concern about foreign hackers targeting small businesses.
“No company is safe from hackers, especially hackers supported by governments in Russia, China, Iran and elsewhere,” Rubio said in a statement to The Hill. “Small businesses are particularly at risk. The Biden administration must make it clear to criminal organizations and those who host them that these attacks are unacceptable and will have consequences.”
Todt emphasized the need for the federal government to work with the private sector to keep small businesses safe.
“Government and industry must work together to make small business cybersecurity a priority, and this is achieved through education, training and sharing of practical best practices and resources,” said Todt.
“The good news is that this is achievable, we just have to make it a priority,” she said.