By now, we all know what happened to Kaseya. The IT management software provider for MSPs and IT teams announced on July 2nd that it had detected a potential attack involving one of its products, which in turn resulted in ransomware compromises at somewhere around 1,000 of its MSPs’ end-users.
The researchers at Huntress analyzed the forensic patterns, ransom notes, and Tor URL associated with those ransomware attacks. In doing so, they concluded that an affiliate of the REvil/Sodinokibi Ransomware-as-a-Service (RaaS) operation had perpetrated the attack. Dark Reading reported that the affiliate had specifically used an outdated version of Microsoft Defender to load the final ransomware payload. By using a piece of code signed by Microsoft, the attacker succeeded in evading traditional security solutions using antivirus protection. This enabled them to encrypt one million systems, or so the affiliate claimed, and to demand $50 million for a universal decryptor, per Bleeping Computer. REvil has since all but disappeared, and Kaseya now has the decryptor in their possession. (Although, as of this writing, no one is exactly sure how.)
Supply Chain Attacks and Evasive Malware Abound
The Kaseya incident underscores just how much the threat landscape has evolved in recent years. It specifically testifies to a rise in supply chain attacks. As covered by Tech Radar, a Ponemon Institute survey found that more than half (61%) of organizations had suffered a data breach due to insufficient cybersecurity measures implemented by third parties. The problem is that two-thirds of respondents in that same survey said they didn’t have an inventory of vendors and other third parties that maintained access to their data. Without that visibility, organizations can’t work with their trusted third parties to improve their security measures. Neither can they understand the full scope of the threat facing their supply chain.
ZDNet reported on another survey that helped to illuminate the scale of the issue. In that study, researchers determined that organizations had an average of 1,013 vendors as their suppliers. Even so, a third of survey participants said that they had little to no indication if malicious actors had infiltrated their supply chain. It’s therefore no wonder that 82% of organizations said that they had suffered a security incident in the past 12 months arising from vulnerabilities in their supply chain. They had no visibility, so they couldn’t prevent a breach from occurring.
The threat landscape hasn’t just evolved in terms of supply chain security, either. It’s also evolved in the way a typical malware attack works. Indeed, Solutions Review analyzed a report in which researchers found that 74% of malware attacks in Q1 2021 had involved zero-day malware. That means organizations can’t effectively protect themselves against three-quarters of malware attacks using traditional antivirus protection and other signature-based detection tools.
What These Developments Mean for Organizations Going Forward
These shifts demand a response from organizations. They need to rethink their security controls so that they can mitigate risks emanating from vendors and other external partners.
Hence the need for organizations to embrace advanced threat defense, not just detection. Such an approach recognizes that a reactive security posture wastes time and puts organizations at a disadvantage when it comes to supply chain attacks, evasive malware, and other modern threats.
In response, threat defense helps organizations become proactive in mitigating threats. It does this by adding context to what they are seeing: active threat intelligence gathered from local and distributed devices and systems, automated monitoring that supports the SOC’s human response, and current, up-to-date threat feeds. Good old signature-based IPS/IDS tools aren’t going away, either. Taken together, this context makes it easier for security teams to prioritize potential security issues so that they can quickly implement an effective response.
How Sentinel Can Help
Realizing that advanced threat detection might be difficult to achieve on their own, organizations might consider working with a trusted solutions provider like Sentinel. Its Autonomous Threat Defense platform uses CINS Active Threat Intelligence to prevent attackers from establishing communication with malicious networks. This capability helps to block reconnaissance efforts, inbound exploitation attempts, and attacks involving evolving malware, ransomware, or other sophisticated digital threats that need to beacon back to a command-and-control server.
Autonomous Threat Defense comes with additional technologies designed to help keep organizations’ networks safe. For instance, it leverages Network Cloaking technology to hide their networks from wannabe attackers. It also enhances visibility into exploits and malicious traffic while keeping an eye out for weaknesses and misconfigurations on the firewall and public-facing network. With that information, organizations can defend against attackers who’d seek to misuse a trusted supplier’s network access, as well as other nefarious individuals.
Put Us In Your Corner.
We back you up with managed threat protection, visibility, and support, 24/7.