The ransomware attack on Kaseya shows that small and medium-sized businesses need network monitoring as well. Too often, SMEs assume that they are not a target for hackers.
“In the largest ransomware attack ever observed, the attackers used a zero-day vulnerability in Kaseya's unified management software VSA for a serious break-in into numerous systems. The targets included managed service providers and their small and medium-sized customer organizations. The attack was apparently aimed primarily at on-premise servers, from which many SMEs expect security: According to Huntress Labs, hackers exploited previously unknown arbitrary file upload and SQLi code injection vulnerabilities, then circumvented authentication procedures and obtained access to the server in order to activate their encryption software later.
Attacks don't just hit large companies
As with the SolarWinds attack, the attackers used Kaseya as a legitimate springboard to hit a wide variety of victims. Large companies with their own IT security teams and tools may in many cases still have the means to proactively look out for the resulting dangers slumbering in the company network and to contain the damage.
Many small and medium-sized companies, on the other hand, still often assume that they will not be a target for hackers. They therefore protect themselves only with endpoint security solutions and firewalls, which are largely ineffective against such sophisticated attack paths. They can see the Kaseya hack as a wake-up call that they need to look into the network to stay safe. It is also necessary for small businesses to keep an eye on both incoming and outgoing traffic (north-south traffic) and all internal traffic (east-west traffic). That sounds harder than it is. Suitable solutions automatically discover and monitor all network resources, detect deviating behavior patterns and thus uncover seemingly harmless behavior in order to identify and block zero-day attacks.”
ForeNova is a US cybersecurity specialist that offers medium-sized companies inexpensive and comprehensive Network Detection and Response (NDR) to efficiently mitigate damage from cyber threats and minimize business risks. ForeNova operates the data center for European customers in Frankfurt am Main and designs all solutions in accordance with GDPR.