We trust so much in our organizations — systems, partners, and vendors — for deploying software, monitoring network performance, patching (both systems and software), procuring software/hardware, and performing so many other tasks. A recent ransomware attack used one such system to successfully target thousands of victim companies.
In this most recent example, attackers targeted Kaseya VSA IT Management Software, which was designed to allow IT admins to monitor systems, automate mundane tasks, deploy software, and patch systems. Attackers were able to exploit a zero day to access customer instances of the product and use its native functionality to deploy ransomware to those customers endpoints.
Further compounding the problem, managed service providers (MSPs) use Kaseya software to manage their customer environments. When the attackers compromised Kaseya, the MSPs inadvertently and unknowingly spread the ransomware to their customers.
This is only one example of how attackers continue to abuse trust in unique ways that leaves many security and IT practitioners to wonder, “Why didn’t something like this happen sooner?”