Statement Regarding the Kaseya VSA Breach
Dear friend,As you are aware, this past weekend, software vendor Kaseya experienced one of the largest wide-scale ransomware attacks ever experienced globally. But the attack wasn't against Kaseya themselves. It was against their customers: Managed Service Providers.
That terminology may sound familiar because that is precisely how Lighthouse IT Solutions is positioned. To accomplish so much with as few resources as possible, Managed Service Providers (MSPs) like us utilize automation software to monitor and process commands that we've scripted them to perform. This type of software is called a Remote Monitoring & Management (RMM) platform.
By infiltrating Kaseya's RMM offering, which they call VSA, the attackers were able to distribute ransomware to servers and computers managed by the affected MSPs.
Thankfully, the MSP space, although very competitive, is also very communicative. In fact, the CEO of Security Firm Huntress, Kyle Hanslovan, was one of the first to discover the plot and worked hard to contact Kaseya's CEO and the MSP community to mitigate the effects of the attack as much as possible. The quick work and dissemination of information was effective, and less than 0.5% of Kaseya's MSP partners were affected.
Still, we wake up this morning knowing that approximately 60 MSPs worldwide were successfully compromised. Those 60 MSPs represent 1,500 affected businesses and potentially up to 250,000 computers and servers that attackers have ransomed. These are businesses like Lighthouse with clients like you.
My holiday weekend was spent filled mainly with trepidation as I monitored the events unfolding.
Many hear our shouts for improving cybersecurity as just a way to upsell services, but there is a reality present that cyberattacks are on the rise. They are everywhere, and they are calculated. And, sadly, we will always be chasing a moving target.
And while Lighthouse IT Solutions does not use Kaseya for our RMM software, this weekend's event hits very close to home for us - and we would be irresponsible if we chose not to respond.
Since 2018, Lighthouse IT Solutions has been critically focused on securing our infrastructure more aggressively, then began working with clients to do the same in 2019 and 2020. This initiative has not slowed for us and remains a critical focal point for us as we move forward.
I believe that Lighthouse does many things right; we also know there is still more to do. Our organization pushes closer and closer towards being Zero-Trust, a buzzword that effectively means everything needs our direct permission to function within our environments. Our security spend is just a bit over $5,000 every month and is expected to grow to ensure that we are doing everything to protect clients like you. This spend includes security firms like Huntress (the organization that first discovered the attack). Also, independent third-party auditing of our systems by Galactic Advisors will begin later this month as part of an initiative started earlier in June.
I know that many of you may have questions regarding this event, and there are too many answers to fit responsibly within an email. Griffin and I will be meeting for a special podcast to (hopefully) be released Wednesday morning to help you educate yourself and your staff.
Thank you for your trust and your support over all of these years. We desire to earn that trust every day - and I hope that we are successful in as much.
Sincerely,
Matthew Almendinger
Please check out our partners' statement for more info:
REvil uses supply chain exploit to attack hundreds of businesses
Rapid Response: Mass MSP Ransomware Incident
Listen to the podcast here!