Hackers have just carried out one of the largest known supply chain cyberattacks. According to the Financial Times and the Wall Street Journal, IT management software company Kaseya was the victim of a ransomware attack that compromised its VSA remote maintenance tool.
The company initially claimed that “fewer than 40” of its customers had been directly affected, but security response firm Huntress said three managed service providers it worked with had also been compromised by the attack, affecting over 200 businesses.
The figure could be higher. Huntress stated that eight cloud service providers were affected and that many more could be. Coop, a Swedish supermarket chain, closed nearly 800 stores after one of its contractors was targeted.
Kaseya stated that it had identified the likely source of the security flaw and was working on a patch that would be “thoroughly tested.” In the meantime, the company advised all customers to shut down their VSA servers and keep them offline until the update could be installed.
Customers of software-as-a-service were “never at risk,” Kaseya added, though the company disabled that functionality as a precaution.
It’s unclear who is behind the attack, but Huntress tied it to the Russia-linked REvil group that attacked beef supplier JBS.
The incident is the latest in a series of high-profile ransomware attacks, which have also targeted JBS and Colonial Pipeline. It also comes on the heels of large-scale SolarWinds breaches attributed to another group, Nobelium.
Online security is rapidly becoming a major issue in the supply chain, and it is unlikely that these issues will go away anytime soon.
Kaseya’s breach also highlights the risks of relying too heavily on a single company’s software platform. While the number of directly affected customers is small, the supply chain network appears to have caused a ripple effect that harmed numerous companies further down the line.
The situation may not improve until either Kaseya-like providers tighten their security or there is more competition, which reduces the potential damage caused by hackers.