Kaseya ransomware attack
The attack on Kaseya is apparently the latest case of what is considered at this time to be a supply chain attack. Similarly to the Solarwinds incident late last year a large number of entities were potentially infected through compromise of a third party software provider.
Watch our Head of Security Research, Charl van der Walt, commenting on the situation on BBC World News.
What to do if you suspect you are affected
Check IOCs
Kaseya has put up a set of IOCs that you can check on their website as well as some more detailed information.
Keep calm and focus
Establish emergency response procedures and systems, and make sure you have runbooks and alert procedures in place
Review backup & disaster recovery
Make sure your backups are safe and available in case you need them
Prepare support for your employees
Establish a security support hotline and prepare to expand the team providing support
Reach out to CSIRT
In case of an actual attack you can reach out to our Emergency Team. Be aware that in times of global crisis our CSIRT teams might already be booked.
The background
Supply chain attacks do not happen by coincidence. They are the inevitable result of a cyber-climate that is driven by strong systemic forces. Some of these forces can be controlled or at least influenced, others can be prepared for. Understanding what these forces are, and how they are linked, is key in better preparing for the next supply chain attack which we will confront.
Based on the SolarWinds attack we have created a whitepaper that examins these factors in detail.
Download our White Paper: Winds of change- causes and implications of The SolarWinds compromise