Hackers just perpetrated one of the largest known supply chain cyberattacks so far. The Financial Times and Wall Street Journal report that IT management software giant Kaseya has fallen victim to a ransomware attack that compromised its VSA remote maintenance tool. The company initially claimed that “fewer than 40” of its customers were directly affected, but security response firm Huntress said three managed service providers it worked with had also succumbed to the attack and compromising over 200 companies.
The number could be higher. Huntress noted there were eight affected cloud service providers, potentially affecting many more firms. Swedish supermarket chain Coop closed almost 800 stores after one of its contractors became a target.
Kaseya said it had identified the likely source of the security flaw and was developing a patch that would be “tested thoroughly.” In the meantime, though, the company urged all customers to shut down their VSA servers and keep them offline until they could install the update. Software-as-a-service customers were “never at-risk,” Kaseya added, although the company took down that functionality as a precaution.
The incident is the latest in a string of high-profile ransomware attacks, including JBS and Colonial Pipeline. It also follows the large-scale SolarWinds breaches attributed to another group, Nobelium. Online security is quickly becoming a major issue in the supply chain, and it’s not clear these problems will disappear any time soon.
Kaseya’s breach also reflects the dangers of relying heavily on one company’s software platform. While the number of directly affected clients is small, the supply chain network appears to have created a ripple effect that damaged numerous companies down the line. The situation might not improve until there’s either tighter security among Kaseya-like providers or more competition that reduces the potential damage.