According to news reports, at least 1,500 businesses have been impacted by a cyber-attack on enterprise tech firm Kaseya through its remote device management software, which was used to spread ransomware. Some experts have linked the largest single ransomware attack to a Russia-linked gang. Sagar Samtani, assistant professor of operations and decision technologies and Grant Thornton Scholar at the Kelley School of Business, is readily available to talk with media.
Samtani serves on the executive advisory council for the CompTIA ISAO, an entity focused on sharing cyber threat intelligence for Managed Service Providers (MSPs), part of the contingent that was struck by these attacks.
Below are thoughts from Samtani:
“The company may be looking to identify for certain the scope and reach of the attack. Kaseya may not be able to confirm the exact number or particular companies at this point in time. This is likely for two key reasons. First, the attack may be phased – we may have seen just the first phase. Second, Kaseya themselves may not be entirely sure at this point – they may be focused on identifying the scope of the attack themselves.
“The scale of this attack is unusual. Usually, it is a single set of companies. However, the reach of this is much larger and further than past ransomware attacks. Ransomware attacks in the past have been focused on taking down a single company. However, this attack is much different, in that the focus was taking down thousands of Managed Service Providers (MSPs, which provide IT/technology services to small and medium-sized businesses) simultaneously by attacking a technology that is used by a broad range of organizations.
“These attacks indicate that supply chain issues/attacks are continuing to be a promising attack avenue. The SolarWinds incident in December indicated that attackers could profit significantly more in conducting a supply chain attack, as opposed to a single organization. This attack indicates that this trend seems to have continued in 2021. One approach that organizations can take to help prevent such issues is signing up for threat intelligence services such as Information Sharing and Analysis Organizations. For example, only one out of over 1,000 organizations signed up for the CompTIA ISAO (designed for MSPs) was affected by the breach.”