The Kaseya ransomware breach was one of the most disruptive breaches ever recorded. Over 40,000 organizations all over the world were directly or indirectly affected by the software hack, forcing many companies to go offline until a patch was pushed through.
The hack, perpetrated by the Russian-backed group REvil, was the result of two of the most used tactics in cyber warfare: supply chain attacks and ransomware. In the former, hackers were able to infiltrate, through phishing and other types of social engineering, the various networks in the chain. This is part of the reason why so many were indirectly affected; they were using infected software somewhere in their supply chain. [1]
Then, once they had infiltrated the VSA service network, they set up ransomware which locked down the servers until the ransom was paid. In this case, they wanted $70 million in cryptocurrency. The preference for this currency is simple: it's untraceable, which is valuable in their line of work. The damage caused by this hack is still being evaluated, but one of the biggest victims was a supermarket chain in Sweden that was unable to use its registers because it relied on an affected server.
With high-profile breaches such as this one, the Colonial Pipeline, Microsoft Exchange and SolarWinds, hackers are becoming more focused on supply chain attacks, and people are understandably nervous about future hacks. Malicious actors will continue to target vital public and private infrastructure. Use this time to review your cybersecurity protocols and your coverages.
[1] https://www.forbes.com/sites/martingiles/2021/07/03/ransomware-attacks-sparked-by-cyberattack-on-kaseya/?sh=4e7335c62dab