Kaseya ransomware attack reminder that attackers still have the upper hand
Last week's Kaseya ransomware attack is a reminder that attackers are still holding the advantage over potential victoms, acorrding to Cybereason.
Hundreds of American businesses were hit Friday by a sophisticated ransomware attack that hijacked widely used technology management software from Kaseya.
The attackers changed a Kaseya tool called VSA, used by companies that manage technology at smaller businesses. They then encrypted the files of those providers' customers simultaneously.
“The global Kaseya attack is a reminder that the public and private sector need to change the way cyber conflict is fought," says Lior Div, CEO and co-founder at Cybereason.
"The truth is that attackers still enjoy the advantage. The goal isn't to block and prevent all attacks -- an operation like Kaseya and SolarWinds demonstrates that's not always possible -- the goal is to quickly detect suspicious or malicious activity, and ensure you have the visibility, intelligence, and context to understand and remove the threat."
Div says modern security companies have the technologies that can end these ransomware attacks.
"I believe it is our job to disrupt these operations. Technology, coupled with public and private partnerships is a step in the right direction to help in this fight against the REvil ransomware gangs and others like them."
According to Div, the focus needs to be shifted from dealing with ransomware after the fact to disrupting the earliest stages of attacks through behavioural detections - this is the operation centric approach to cybersecurity.
"We can't just focus on the ransomware attack - by then it is too late," Div says.
"Look at the earlier stages of the attack when criminals are inserting malicious code into the supply chain for instance. The ransomware is the symptom of the larger disease we need to treat."
Div adds this newest attack will once again start the debate about whether it makes sense to rip and replace legacy computer networks used by public and private sector organisations.
"That simply isn't going to fix the problem. We have spent trillions of dollars on cybersecurity over the past 20 years. And in many ways, we're no safer today. We could spend another $250 billion or $250 trillion and it will only incrementally help. What matters is how the money is spent."
The coming days will reveal the names of companies impacted by the Kaseya ransomware attack.
"We will also learn if companies are meeting the ransom demands of the REvil gang. In general, it doesn't pay to pay ransoms. A recent Cybereason global research study found that 80% of companies that paid a ransom were hit a second time," says Div.
"Overall, paying ransoms only emboldens threat actors and drives up ransom demands. Still, whether or not to pay a ransom is an individual choice each company needs to make.
"Consult with your legal team, insurer and law enforcement agencies before making any decision. In those rare life or death situations, paying a ransom could very well be the right decision.