Aftermath of Kaseya Ransomware Attack Promises to Be Lengthy – And Costly

The Virtual System Administration (VSA) platform from Kaseya that so many managed service providers (MSPs) rely on to provide IT services to thousands of customers may be back online this week, but the recriminations may be just beginning.

The root cause of the ransomware attack made against the platform by cybercriminals affiliated with the REvil ransomware-as-a-service platform appears to be a series of known vulnerabilities that Kaseya failed to patch (see Kaseya Breach Shakes Faith in ITSM Platforms).

Kaseya has promised to set aside millions of dollars to help MSPs financially recover from the VSA platform being made unavailable to all customers for more than a week.

Less clear is how much additional liability might stem from the attack itself. Many contracts with end customers have stipulations that limit liability for outages. However, that might not prevent end customers that were impacted by the attack from filing lawsuits to, for example, compel an MSP or even Kaseya to pay the ransom required to recover their data.

Will customers, MSPs look for new providers?

In the meantime, many end customers and MSPs alike are at the very least evaluating their IT service management (ITSM) options. The challenge they face, however, is that the time, money and effort required to replace an installed ITSM platform is considerable. There are, of course, a number of cloud-based options that could be employed, but even the cost of switching in many cases is simply too high. No matter how IT services are delivered, the platforms employed are all targets, says John McKenny, senior vice president and general manager for intelligent Z optimization and transformation at BMC. “Everything is under attack,” he says.

Even if an organization or MSP could move to another platform, there’s no guarantee that the new platform would not be the focus of the next attack, says Randy Watkins, CTO of CRITICALSTART, a managed security services provider. “It’s better to have the evil you know versus the evil you don’t,” he says.

Arguably, for the moment following the most recent security review, the Kaseya platform may be the most secure ITSM platform.

Longer term, of course, both MSPs and the organizations they serve may opt to go in different directions when it comes to an ITSM platform. There’s no doubt Kaseya will have its work cut out in terms of convincing both new and existing customers to remain loyal. Kaseya is being roundly chastised for failing to patch known vulnerabilities that the cybercriminals were able to exploit. At the same time, questions are being raised about the specific processes the company employs to update the on-premises IT environments that were the primary focal point of the attack.

Third-party auditors, MSSPs may gain

Despite those criticisms, instead of replacing ITSM platforms, many MSPs and their end customers are, in the short term, opting to audit the ITSM platforms they employ more rigorously as part of an effort to make the platform they already have in place more resilient. The challenge most end customers face is that they don’t have the tools or expertise required to conduct those audits. They would have to contract a third party with IT security expertise to assess the ITSM platforms they rely on. The irony, of course, is that the misfortunes of one sector of the IT channel are creating opportunities for another.

MSPs, in the meantime, may also want to consider making stronger alliances with managed security services providers (MSSPs) that have the level of expertise required to secure an IT environment, says Bruce Snell, director for emerging threats and disruptive technologies for NTT Security.

Many MSPs that provide IT services today typically don’t have a lot of depth when it comes to security. They may have some fundamental capability, but it’s apparent the sophistication of the attacks being launched against MSPs has increased significantly.

MSSPs that have partner programs provide an opportunity for MSPs to reassure their end customers they are proactively addressing their concerns. Of course, convincing end customers they should pay extra for that security can be a challenge. Many customers assume the managed service being provided is already sufficiently secure. MSPs may find themselves absorbing a considerable amount of cost to provide higher levels of security to end customers at no extra cost when many of them are already operating on razor-thin margins.

MSPs may take some cold comfort in the fact that the REvil platform itself was offline this week, but it’s not clear if the cause of that event was maintenance, pressure from a government or some type of cyberattack launched by a U.S. government that has pledged to respond more aggressively to these types of attacks.

Regardless of the cause of that outage, these latest REvil ransomware attacks should make the IT industry as a whole more alert to these types of threats, says Snell. “It’s a good wake up call,” he says. “The trouble with all these calls is nobody seems to be waking up.”
