Lessons from the Kaseya VSA Ransomware Attack: The Key Steps MSPs Should Take to Secure their Environments and Prevent Future Attacks

The Kaseya VSA ransomware attack¹ that occurred on July 2nd, 2021 has sent shockwaves around the global managed service provider (MSP) landscape due its dramatic scope and complexity. 

Similarly to other large scale cyber attacks² carried out this year, the Kaseya VSA cyber attack began as a small and relatively isolated incident but quickly mushroomed out of control due to lateral movements that provided attackers with increased system access and potential for launching extortion attempts against more and more small and medium-sized organizations.  

Despite the fact that the attack is said to have directly targeted just .01% of Kaseya customers, its effects have highlighted the dramatically heightened security challenges³ that MSPs face in the current threat environment.  

We now know that Kaseya first became aware of the zero day vulnerability utilized to launch the July 2nd ransomware attack in April of 2021 and was working aggressively to patch it. The vulnerabilities that Kaseya was aware of includes:  

CVE-2021-30116: A credentials leak and business logic flaw, to be included in the forthcoming 9.5.7 update for on-premises; fixed in SaaS on June 26; 

CVE-2021-30117: A SQL injection vulnerability, resolved in May 8 patch; 

CVE-2021-30118: A remote code execution vulnerability, resolved in April 10 patch (v9.5.6); 

CVE-2021-30119: A cross-site scripting vulnerability, to be included in 9.5.7; 

CVE-2021-30120: 2FA bypass, to be resolved in v9.5.7; 

CVE-2021-30121: A local file inclusion vulnerability, resolved in May 8 patch; 

CVE-2021-30201: A XML external entity vulnerability, resolved in May 8 patch. 

Unfortunately, despite the cybersecurity firm’s best efforts, the subsequent ransomware supply chain attack that was launched continues to send reverberations around the world as governments and commercial businesses struggle to counter the dramatic and persistent threat posed by ransomware-as-a-service.  

In this article, we will outline everything your organization needs to know about the Kaseya VSA ransomware attack as well as the key steps MSPs should take to secure their environments and prevent future malicious software attacks.  

The Rise of Ransomware Supply Chain Attacks Against Managed Services Providers (MSPs)

On July 2nd, 2021 Kaseya’s virtual system administrator software was leveraged to dramatically amplify the reach of a devastating zero-day cyber attack⁴ to include 60 MSPs, up to 1,500 downstream businesses, and the encryption of more than 1 million computer systems.  

An affiliate of the REVil ransomware gang, also known as Sodinokibi⁵, originally sought to claim a $70 million ransom in exchange for a universal decryption solution for retrieving access to compromised system files encrypted as a result of the ransomware attack levied on July 2nd, 2021.  

While cyber attacks have increased by more than 600%⁶ since the start of the global pandemic and ransomware attacks are so common, they are likely to target another global organization every 11 seconds⁷, attacks like the one leveraged against Kaseya demonstrate the escalation of cyber attack methods and the evolution of new strategies for compromising digital networks by targeting attacks against MSPs.  

The Kaseya VSA ransomware attack is quite unique because the attackers were able to leverage a single zero day vulnerability to launch a dizzying flurry of attacks against MSPs and their customers.  

While it will still be some time before the complete institutional and economic impacts of the Kaseya VSA ransomware attack will be more fully understood by researchers, at this time, it is quite clear that MSPs find themselves dramatically in the crosshairs of ransomware gangs and their opportunistic affiliates that are motivated to unleash devastating cyber attacks in the name of profiting from subsequent chaos.  

5 Key Steps for Managed Service Providers to Take to Secure their Environments and Prevent Future Ransomware Supply Chain Attacks

On June 28th, 2021 the Foundation for Defense of Democracies’ (FDD’s) Center on Cyber and Technology Innovation released a report produced in coordination with Intangic called The Economic Costs of Cyber Risk⁸  found that a single cyber attack carried out against an MSP could likely lead to more than $80 billion in losses.  

Though, as staggering as this figure may be, it is important to emphasize that cyber crimes such as ransomware attacks and data breaches are likely to result in wide-ranging damages to reputation and future earning potential that will not accurately be accounted for using purely economic estimations.  

Cyber attacks that target supply chains are an emergent threat that every managed service provider should be working aggressively to counter. The Kaseya VSA ransomware attack has demonstrated conclusively that criminal organizations are highly motivated to continue to target MSPs in pursuit of ever more lucrative payouts.  

To prevent future supply chain attacks, managed service providers should:  

1.) Undertake a Cybersecurity Maturity Assessment

It is time to get tough on cyber crime and that means having a clear overview of the challenges your organization is facing as well as the opportunities your current cybersecurity posture provides for mitigating threats. Be sure to implement the Top 18 CIS Critical Security Controls⁹ and appoint a virtual chief information security officer (vCISO).

Book a time to talk about your Security Maturity Assessment today.

2.) Implement MSP Protect

MSPs are being targeted aggressively by cyber criminals. It’s time to upgrade to the industry leading MSP SOCaaS. Detect, respond, and report emerging threats to ensure the safety of your customers and success of your organization.

Book a demo of MSP Protect today.

3.) Utilize Advanced Security Services

Every day, your customers are under attack. Be sure to offer them access to advanced security services such as security risk assessments, security awareness training, data protection and privacy services, compliance support, incident response solutions, and data security and governance assistance.

Schedule a meeting to discuss advanced security services.

4.) Ensure your Security Stack Covers All Risks

Cyber criminals are working around the clock to find new ways to levy devastating attacks against your MSP. Be sure your current solutions cover all the different types of risks e.g. SOCaaS, EDR, Dark Web, Cisco Umbrella, that your organization is facing.

5.) Secure SSAE-19 Certification

The SSAE-19 Certification helps your organization to be more accountable to emergent cyber threats while also being more profitable. Boost your cybersecurity capability and credibility to generate higher revenues.

inSOC is here to help your organization get certified.