As we mentioned in our SolarWinds SunBurst post recently, every enterprise installs/uses software, applications, and agents these days, procured from well-established companies. These agents/apps run in enterprise devices and the cloud, and are implicitly trusted. But sometimes things go wrong – and it’s on the software supply chain side.
We previously warned that supply chain software problems are not going to stop post Solarwinds. Every organization should create a program for dealing with software supply chain security, making sure that every app, device, and update has a focus on prevention, detection and fast reaction when a threat is identified. We again give emphasis to the 4 points covered in that article in the SolarWinds SunBurst post in this post below.
Kaseya Attack Background
In the most recent ransomware attack, Friday, July 2, cybercriminal group REvil compromised IT software company Kaseya’s products, which help other tech firms manage basic software updates. The compromise affected up to 1,500 companies using Kaseya where REvil has threatened to lock as many as 1 million Kaseya customer devices unless a $70 million ransom is paid.
REvil said that if they received this ransom, they would automatically free all of Kaseya’s compromised devices. The well-known cybercriminal group has allegedly attacked several large companies and organizations in 2021 alone, including JBS S.A. meat plant, Acer (linked to the Microsoft Exchange breach), Harris Federation and more.
Get the latest Kaseya VSA alerts here: https://www.kaseya.com/potential-attack-on-kaseya-vsa/
Get the latest FBI-CISA guidance here: https://us-cert.cisa.gov/ncas/current-activity/2021/07/04/cisa-fbi-guidance-msps-and-their-customers-affected-kaseya-vsa
Devices and Security Defined
Corporate devices defined here need to include not only company-issued-and-managed laptops, IT equipment, and phones. Nowadays with IoT, IIoT, and IoMT also include speaker phones, set top boxes, smart TVs / lights / appliances / cameras, and much more needed to be included in this count. The rapid pace of 5G adoption will further increase risk as we at WootCloud foresee a larger decoupling of users (and their devices) from corporate networks and traditional network-based security over the coming years.
How WootCloud Can Help
Wootcloud’s HyperContext®️ is purpose-built for device and infrastructure security, with powerful machine learning algorithms and policy engine to help detect and remediate highly evasive malware like Sunburst, and can represent the solution for eliminating weak links inside organizations.
At a high level, you can detect and respond to threats earlier with the following:
- WootCloud offers a single source of truth to monitor services/agents
- WootCloud for zero-day threat detection on group anomalies
- Policy-driven automation to quarantine sets of devices
- Policy automation for access restrictions and reinstatement
Details on these are in our SolarWinds SunBurst post from earlier this year.
Where are you in your state of readiness?
Solar Winds estimated that over 18,000 organizations were affected by the Sunburst attack. The Colonial Pipeline attack by DarkSide affected consumer and commercial energy supply for a large area of the Eastern US. More attacks will undoubtedly come.
The challenges of protecting against compromise that starts within your own network were exposed by this exploit are not going away. Many server-side attacks and virtual supply chain compromises have shown all of us that a Zero Trust approach to architecture combined with automated response plans are the right framework to approach security in a cloud-driven world without traditional perimeters.
Considering, implementing and enforcing principles of Zero Trust in your organization require planning, internal cooperation, and vigilance, as well as maintenance of assets and cyber hygiene. WootCloud HyperContext® helps organizations get visibility into all devices and services that could be present and future vectors of attack.
With the device fingerprinting and automated containment, grouping and controlled access, organizations can stay current on all device risks and threats, and automate response as part of your recovery plans both during and after incidents.
To learn more in a zero touch, no obligation Demo or POC, please contact us.