On July 4th, 2021, a cyberattack occurred that made use of a zero-day vulnerability present in Kaseya software to gain access to a multitude of desktops. The ransomware attack demonstrated a number of new and innovative exploits that are deeply concerning. However, not everyone was caught flat-footed. In fact, some organizations were able to identify the attack and prevent it from reaching further into their networks.
CrowdStrike has often had its finger on the pulse of cyberthreats, thanks in large part to the extensive work they do to catalog and document cyber adversaries. This background allows Falcon, CrowdStrike’s AI/Machine Learning powered detection algorithm, to identify the threat once telltale signs emerge that an attack is occurring in a network.
“Based on CrowdStrike’s telemetry, the recent ransomware attack on Kaseya has all the hallmarks of the threat actor PINCHY SPIDER, operator of REvil ransomware and suspected culprit of the recent attack on JBS,” Adam Meyers, Senior Vice President of CrowdStrike Intelligence told GovCyberHub. “Make no mistake, the timing and target of this attack are no coincidence.”
Attacks such as this are often carried out during periods when cyber defenses may be either incredibly stressed or down; some of the most popular times for either are over holidays. “[This attack] illustrates what we define as a ‘Big Game Hunting’,” Meyers continued. Big Game Hunting refers to a style of cyberattack that targets large business and government entities with significant reach. “[The attackers] target to maximize impact and profit” by targeting supply chain entities.
Part of the allure of these larger entities is their considerable reach. Kaseya itself has one of the most popular IT software products used by managed service providers (MSPs), which meant that gaining access to its system would allow attackers the opportunity to spread malware to additional targets. “What we are seeing now in terms of victims is likely just the tip of the iceberg,” said Meyers.
When viewed from the perspective of a potential cyber attacker, this sort of highly successful attack just serves to incentivize further similar attempts. Meyers noted that the continued success of large software supply chain attacks “provides an ominous outlook for organizations of all sizes.” The ability to not only have considerable reach but to extort substantial sums of money will likely drive an increase in similar attacks.
Meyers concluded by encouraging organizations not to simply brush aside the latest news but to truly learn the lessons that these events have taught. “Organizations must understand that these headlines are no longer warnings,” Meyers said. “They are a reality of what is in their future if they have not established a mature cybersecurity strategy.”
CrowdStrike offered up further advice on the topic, encouraging organizations to use leading security technologies, like an endpoint security solution, that take a layered approach to cybersecurity. Perhaps most importantly, CrowdStrike emphasized that organizations do not have to figure out their cybersecurity alone, but that they can lean on the experience of experts to help them understand the unique threat landscape facing them.