As Australia’s business community continues to assess the damage from the major Kaseya ransomware attack, some in the security community are pushing for stronger industry collaboration that would speed response to such attacks with stronger threat intelligence and tailor-made incident-response advice.
The attack—apparently instigated by Russia’s REvil gang and exploiting the company’s cloud-based VSA remote monitoring and management software tool—emerged over the US Fourth of July holiday weekend, rapidly planting ransomware into the company’s software supply chain worldwide.
Once the ransomware had been implanted in more than 30 of Kaseya’s managed service provider (MSP) customers, the malicious code propagated down the supply chain to their customers, ultimately affecting more than 1,000 companies in 17 countries.
A worrying shift in attack profile
The attack was a worrying escalation in ransomware tactics because it coupled supply-chain techniques with the “incentives and devastating impacts of ransomware,” said Casey Ellis, founder of Australian cybersecurity provider Bugcrowd and a 20-year security-industry veteran.