Kaseya’s breach – don’t worry, we don’t use it

A story emerged over the weekend of how a Russian hacker group going by the name of REvil conducted a massive cyber attack on a company called Kaseya.

What is Kaseya? Well, they provide many IT companies with the support tools they usually use to watch over their clients.

But not Dial A Geek. If you’re with us, your systems are safe. We don’t use Kaseya. We use tools provided by a company called Datto.

What happened with the Kaseya breach?

Early Friday evening, when everyone was going home for the weekend – a big one in the United States, where they were celebrating their Independence Day – REvil launched their attack.

Kaseya’s software requires its IT company users to run the central control segment on their own servers. This server software is known as VSA. All of the devices belonging to the IT company’s clients have smaller “agents” installed that report back to the company’s server.

VSA can tell the agents on the individual devices to run automatic maintenance processes and – crucially – install software updates. This seems to have allowed REvil to instruct the agents to install ransomware on all of the devices VSA was linked to.

What was the result of the breach?

It’s known that eight IT companies in the US have been affected. Combined, they have several hundred customers who now have thousands of individual devices encrypted by ransomware. At least one company has been forced to close temporarily because all of its point-of-sale computers are infected.

Kaseya has instructed all of the companies using its software to close VSA, and other providers that have integrations with Kaseya have also closed them down.

It seems likely that the scale of the attack might be larger than is currently known. We’ll find out as the week goes on.

But Datto is still safe – here’s why

Datto’s software – the software Dial A Geek uses – doesn’t work in the same way as Kaseya’s:

•   It is 100% cloud-based and within Datto’s own highly secure network, which would be immeasurably harder for hackers to break.

•   Hackers could target Datto’s individual users, but because of the way the software is set up, it wouldn’t do them any good.

•   Datto was recently updated with unique per-client encryption keys that require MFA (multi-factor authentication) to access.

Of course, we’re still going to be checking in with Datto regularly to confirm that they’re monitoring the situation and making sure that no variation of this can happen to them.

What should you do about the Kaseya breach?

If any part of your business relies on IT, this is the wake-up call to start taking cyber security seriously.

In particular, understanding your supply chain is going to be of crucial importance moving forward because, sadly, attacks like this are likely to become more prevalent in future.

So, what would you do if hackers attacked your business or a company that’s part of your supply chain tomorrow?

1.    Get support in place – it might be a bit ironic considering that this problem arose through IT companies using this software, but having an effective, proven IT support provider in place is still your best protection against cyber security threats of all kinds. The clients of IT companies that have suffered through Kaseya will even now be having their systems restored from secure backups, and the industry will proof itself against this threat moving forward.

2.    Check your suppliers for compliance – what effect would a breach at any part of your supply chain have on your business? If you already use Dial A Geek, you’ll know that we are Cyber Essentials accredited and secure ourselves. What do your other suppliers do to protect themselves from cyber attacks?

3.    Set up cyber insurance – cyber insurance is fairly new but you might find that your combined business insurance includes at least some coverage for it. It’s time to find out just how much coverage your policy provides and in what circumstances (most policies require that you have certain protections in place, for instance).

4.    Become Cyber Essentials accredited – it’s already a must if you want to work with many organisations or the UK government. But Cyber Essentials – a government-backed scheme that tests your systems and IT setup to ensure you’re secure – proves to your clients and partners that you are cyber secure as well as being great for your own peace of mind.

This situation is terrible for all of those who’ve been hit by it. The wider IT industry is reeling too.

At Dial A Geek we are constantly aware of our responsibility to keep our clients safe. If you need any help with any of the above or have any concerns in general, don’t hesitate to contact us.

Call us on 0117 369 4335 or schedule an initial consultation with our Chief Geek Gildas Jones via his booking calendar.