This week, we are reminded again how critical it is to take steps not only to protect your network, but also to strengthen your supply chain. We’ve already seen the aftermath of supply chain ransomware attacks from breaches like SolarWinds or Texas’ 2019 attack.
On July 2, Kaseya was the victim of a supply chain ransomware attack. It’s perhaps the largest ransomware breach yet. The attack exploited a vulnerability in Kaseya’s software, affecting up to 70 of its customers and compromising up to 1,500 businesses in total.
We’ve been stressing this year how important supply chain security is and how seriously we take it. We see many people discussing the importance of making your network secure, but that discussion tends to happen in a vacuum of sorts.
How a Supply Chain Ransomware Attack Works
Those discussions often leave out what your partners might be doing in the equation. This is a critical misstep in the conversation. Supply chain ransomware attacks are capable of infecting hundreds at once, or in this week’s case, up to 1,500.
The attack started with Kaseya, then infected its customers that are managed service providers (MSPs), which in turn infected the networks of those MSPs’ customers.
These attacks are so effective because of the inherent trust many companies give to certain users or businesses. We’ve also discussed this year why it’s important to implement Zero Trust for your business. This is exactly why.
It seems Kaseya made it easier for the attackers by asking customers not to monitor its on-premises “working” folders for malware. Take away critical monitoring and situational awareness, add the inherent trust given, and you have a recipe for an explosive, international supply chain ransomware attack.
Cybersecurity Best Practices in 2021
We talked in last week’s ransomware post about how these attacks are often successful due to a lack of good cybersecurity hygiene. Many affected companies didn’t have cybersecurity best practices in place or were using outdated methods to protect themselves.
As we see the continued rise of ransomware attacks, it’s important that companies are doing their best to make sure they’re keeping the basics covered and their hygiene in peak condition.
The recent Colonial Pipeline attack happened after a compromised password allowed access to a VPN without multifactor authentication. Many other attacks happened because updates were not applied to network devices, which left open vulnerabilities that allowed a bad actor into the network. Others hit companies that gave inherent trust to users within their networks.
To protect yourself from the continued increases in attacks, you need a cybersecurity platform that will protect you from the weaknesses these attackers target and a supply chain that you build with confidence. Knowing that each business is doing its best to mitigate risk not only to itself, but to the greater supply chains of which it is a part, is critical moving forward.
These considerations mean a security approach with the following features:
- Role-based access to limit what a user can do and even what parts of the network they are aware of, with command-by-command grants that limit capabilities further for absolute control.
- Password management and multifactor authentication.
- Configuration monitoring that automatically checks endpoint configurations to ensure your devices are not being accessed and changed against your will.
- Automated patch analyses to reduce security gaps and ensure you are not vulnerable to known security exploits.
- Logging and situational awareness so you know exactly what is happening on your network and how it is happening.
- Supply chain security diligence from those you include in your supply chain. We did the SOC for Supply Chain examination for this very reason. We take the security of your supply chain very seriously.
- Zero Trust security practices that never trust and always verify access to your network. Many breaches happen due to the castle-and-moat architecture and the assumption that once a person has been verified, they can be trusted.
With these as your guiding security principles in this new environment of increasing attacks of opportunity, you will significantly reduce your risk from these types of supply chain ransomware attacks.
ConsoleWorks is a cybersecurity operations platform that handles all these security needs for you and comes from a team that understands the criticality of being a secure partner in your supply chain.