Kaseya Releases Patch, Restores VSA Servers After Ransomware Attack
Kaseya also says ‘with the large number of users coming back online in a short window, we have seen some performance issues. We made some configuration changes to address and need to restart the servers for these to take effect and improve performance.’
Kaseya said it released a patch for VSA on-premises customers as it turned on its servers Monday morning with 100 percent of its SaaS customers live after being offline for more than a week following the ransomware attack.
In an update this afternoon, the company said “with the large number of users coming back online in a short window, we have seen some performance issues. We made some configuration changes to address and need to restart the servers for these to take effect and improve performance.”
Kaseya earlier in the day had said that all of its SaaS customers were live as of 3:30 a.m. ET Monday.
Kaseya CEO Fred Voccola told CRNtv last week said the vendor has a “very modular approach” when it comes to security, making a ransomware attack easier to contain.
“We have different data centers, we have different SaaS operations teams (and) security teams, that’s why only one of our 27 modules was impacted,” he said. “It’s also one of the reasons why only 50 or 60 of our customers, our MSPs and direct IT shops, were hit.”
He said there’s always a balance with having a product on the market and having a technically-secure product that sits in the lab and is never put to use. Going forward, he said Kaseya will have the most secure endpoint management products in the world.
Meanwhile, many MSPs, distributors and vendors have been losing sleep since the cyber breach about what can be done to be ready for the next one.
Wes Spencer, VP and external CISO at Tampa, Florida-based IT vendor ConnectWise, compared a ransomware attack to a hurricane, explaining that it’s all about preparation.
“No one can stop a hurricane, but how can we be prepared when it comes?” he said. “The cyberworld is the same way. It’s coming, when does it come? And when it does come, what do we do about it?”
Another important question to ask is what are companies doing to reduce the impact of those breaches when they occur, he said.
[Related: The Kaseya Attack]
“We’ve seen the evolution of threat actors go after and understand how to monopolize and monetize MSPs,” he said. “They understand all of the clients they have under their control and power.”
And it can happen to anyone, he added.
“We’re all targets,” he said. “That is the fear that keeps us up at night. That is what drives us to understand what the mature cybersecurity looks like at ConnectWise.”
While MSPs provide a variety of services to protect and secure their clients, they don’t always rely on a single technology solution to get their jobs done, said Dave McKinnon, CSO of remote monitoring software vendor N-able.
“It’s not uncommon to find an MSP using one RMM, paired with a different help desk solution and yet another backup product,” he said.
For Dan Komis, CEO of Long Island-based MSP, TechRunner IT, cybersecurity is a multi-pronged approach.
“The vendor has to put out a secure solution, the partner has to understand the solution and be able to implement it to the client and the end user has to understand what they have to do and accept the accountability to do it,” Komis said. “The easiest example there is two factor authentication. Every end user fights it, because it‘s an extra step, it’s difficult.
“Cybersecurity is rarely convenient,” he added. “So it‘s that balance of risk versus ease of use.”
The downside for the client is that it’s sometimes expensive, with one layer of security that could cost $5,000, Komis said.
“For the under 20-employees businesses, they’re big numbers, they have an impact,” he said, “The challenge that companies like mine have now are we need to dictate what has to happen in a way that our clients can handle and accept. It‘s something that smaller MSPs are dealing with every day, and a lot of them are afraid to make that decision because they’re afraid to lose business.”
Days after the Kaseya breach, the said the attack “literally keeps everybody up at night.”
“I have not slept,” he told CRN. “The second you close your eyes, it‘s all you’re thinking about. What do we have to do in ourselves? What else can we look at?”
Going forward, McKinnon said MSPs should require multiple layers of technical and security controls, like multifactor authentication, antivirus, patching, and backup. Other factors should include endpoint detection and response (EDR), security information and event management (SIEM) and threat intelligence.
Vendors should join together to “understand learnings, apply best practices and move quickly to support our own customers and the community at large.”
And on the human side, it requires a “culture of security,” through security training awareness and preparedness exercises.
“As vendors, we owe it to our customers to do everything we can to securely develop the tools they use to deliver these solutions, respond appropriately and quickly to vulnerabilities and threats, and to collaborate with the appropriate authorities to help in the response,” he said.