The recent Fourth of July holiday weekend in the U.S. brought the latest installment in the wearying litany of colossal cyberattacks. The breach of the Miami-based software company Kaseya, which combined a supply chain attack with ransomware, affected hundreds of organizations all over the world—from kindergartens in New Zealand to a Swedish supermarket chain representing 20 percent of the country’s food retailers.
The company at the center of the incident, Kaseya, offers “complete, automated IT management software for [managed service providers] and IT Teams,” according to its website. Put another way, Kaseya software has low-level, privileged access right across the networks and systems of its many customers—the managed service providers who, in turn, have access to their many customers. Instead of breaking into each of those secure systems one by one, the hackers simply breached Kaseya’s software and allowed it to do the work of spreading their malware far and wide.
An insidious aspect of this case is the mode of delivery: a corrupted software patch that the managed service providers, the intermediaries in this supply chain attack, would have encouraged their customers—the kindergartens, food retailers and others whose data was encrypted for ransom—to download.