Kaseya Ransomware Attack: Will Supply Chain Hacks Be Common in the Future?

Last week, when news broke about the latest cyber target of the REvil ransomware run by suspected Russian threat actor Sodinokibi, the scale of the attack was yet to be ascertained. Now the picture is clear enough: a sophisticated ransomware gang targeted a very popular enterprise software vendor, exploiting its many sellers, which in turn led to the encryption of thousands of devices belonging to small and medium-sized companies. A case in point was Swedish supermarket chain Coop, which saw all 800 of its outlets close because they could not access their cash registers.

Supply chain attack effectiveness

An attack carried out by compromising source software used by thousands of devices around the world is known as a supply chain attack. To simplify how this works, a threat actor first needs to identify a flaw in popularly used software, which in turn gives them access to potentially thousands of vendors and sub-vendors that can be reached through this software. It is probably one of the deadliest and most effective ways to carry out a cyber breach, and it makes the most sense for attackers: affecting thousands of companies through one breach multiplies the ransom. The probability may also increase.

So is this a dangerous harbinger of large-scale ransomware breaches becoming more common in the future? We’ve already seen SolarWinds and Kaseya. Will the future be an ominous venture? Speaking to News18, Mark Loman, director of engineering at cybersecurity firm Sophos, said that calling the Kaseya ransomware incident “common” could underestimate the impact and the extent of the complexity and sophistication behind attacks like this.

Rise of Sophisticated Ransomware

“Ransomware attacks usually require considerable skill and effort on the part of the attackers. Once an attacker has penetrated the network, it usually takes a few hours to a few weeks before they acquire sufficient knowledge of the victim environment to efficiently deploy an encryption attack. During this time defenders have a chance to notice the intruder and prevent an impending attack.”

“In contrast, an attack via Remote Monitoring and Management (RMM) software is deployed automatically within seconds, with no sign of an attack coming on the victim’s end for them to detect. The attack, which affects multiple businesses simultaneously through a managed service provider (MSP), usually occurs through stolen access credentials that offer access to the RMM control dashboard. It is generally isolated to one MSP. It is rare that a ransomware attack affects multiple MSPs simultaneously,” says Loman.

The rarity of such cyberattacks, Loman says, is essentially driven by previous successful breaches. “Over the past two years, some successful ransomware attackers have raised millions of dollars in ransom, potentially allowing them to purchase highly valued zero-day exploits. Some exploits are typically considered attainable only by nation-states. While nation-states will use them sparingly for a specific attack, at the hands of cybercriminals an exploit for a vulnerability in a widely used IT management platform could disrupt multiple businesses at once and can have an impact on our daily life,” he says.

The responsibility of MSPs

MSPs, or managed service providers, may face the greatest impact of such an attack. While the initial estimates were quite high, in a press statement shared with News18, Kaseya’s head Fred Voccola says, “Although each customer affected is a whopping one, the impact of this highly sophisticated attack has proven to be, thankfully, much greater.” The statement claimed that the total number of companies affected by the REvil breach is “about 50 of the more than 35,000 Kaseya customers.”

However, even though the actual impact of the attack was less than initially estimated, the Kaseya ransomware attack was no less significant. As Loman says, “Whether the affected business pays the ransom demand or not, the recovery effort will still be important. Organizations use MSPs because they have limited IT resources, and these MSPs will be filled with requests from affected organizations for support to restore backups, and more, while the tools MSPs use to access customer environments to address issues are, in this particular situation, offline after the attack. It may take a long time for businesses to be restored to normal operations.”

This is the most dangerous aspect of supply chain ransomware attacks. Small companies with very limited resources are on the receiving end, with their businesses forced to close for days. For MSPs, there is a real impact in supporting smaller organizations through the recovery phase. It is the latter that sees many people paying a ransom to get their data back, which is a death trap, as it is the ransom that will likely fuel the next NotPetya, SolarWinds or even Kaseya.
