Tag Archives: Kaseya

The New business

The BBC informs us (via another route) that there is a new business in town, this business works on the old premise of the bully and the backstabbing method called Ransomware. Now, this method was not unknown, we have seen it before, yet the article (at https://www.bbc.co.uk/news/technology-57946117) called ‘Ransomware key to unlock customer data from REvil attack’ gives us “US IT firm Kaseya – which was the first to be targeted earlier this month – said it got the key from a “trusted third party”.” Yes, this might sound true, but I still have an issue here. And the quote “Kaseya’s decryptor key will allow customers to retrieve missing files, without paying the ransom. The company’s spokeswoman Dana Liedholm declined to answer whether Kaseya had paid for access to the key”, I get it, Kaseya accepts that there is a cost to doing business, without the key they are helpless, but in this instance they have also given voice to the new business. This is not on Kaseya, ransomware is a much larger stage and the law is not ready to deal with it. So when we get “But members of the group disappeared from the internet in the days following the incident, leaving companies with no way of retrieving the data until now”, I think that it was not merely fear. I think that they found a weakness in their armour and they needed to fix it, perhaps the FBI and NSA got too close? It is speculation, but I reckon that any hacker inviting the wrath of the NSA has something to fear, only the stupid do not fear that hunting machine. So when we get to the jewel of the article, a setting that describes a few elements by Joe Tidy (Cyber reporter), we see “Firstly, giving away the key now is far too late for most of the victims of this massive ransomware attack.
Secondly, the mystery gifter was most probably linked to – or working with – the criminals directly.” I feel that he is on the right track, I get that Kaseya prefers the term ‘trusted source’, but that does not put Kaseya in the clear, moreover, as I reported the massive bungles that were made and the lack of oversight within Kaseya gives them a reason to cooperate with organised crime, but not a right, a right to do that is a form of treason towards ALL their customers and as Joe said it “giving away the key now is far too late for most of the victims of this massive ransomware attack”, if you doubt that call Coop (at +46107400000) and ask them the damage of 500 supermarkets shutting down, as well as a loss of data. And then Joe gives us the gem at the heart of this “I’m told by a hacker who claims to be a part of the inner circle that it was “a trusted partner” who gave the key away on behalf of the group’s leader, who calls himself Unknown. My contact says it’s all part of “a new beginning”.” I understand that this is hard to swallow and optionally it is a form of bragging, but I am not convinced that this is the case, as Joe gives us “it could well be the start of something else”, yes that has the ring that sounds true. It is the start of a new business venture and Kaseya is merely the pilot. In this we have two sets of minds, the first is that the shortsighted greed drive of Kaseya (as I discussed it in ‘Dream number three’, at https://lawlordtobe.com/2021/07/06/dream-number-three/) needs to have consequences. The dominant sales types with their ‘we’ll fix it down the road’ can no longer be allowed in this industry. The second part is that we have no choice but to return to a stage of targeted killing, and I do not care whether one of the hackers is a poor little 16 year old person hiding behind  ‘minor protection laws’, they guilty they get the $0.17 solution (price of a 9 mm bullet). 
We have no choice, the law did nothing for too long, giving hackers pass after pass as they ‘claimed’ that it was the only way. Well, so far it did nothing for a lot of people spanning a timeline that is a little over a quarter of a century, it is like an armistice race with too many casualties and the law merely shrugging at the damage that was not theirs. With Kaseya a large corner is turned and Kaseya partially has itself to thank for that. And in all this it has become time to recognise that Kaseya is not merely a victim (no matter what Dana Liedholm tells us), it did this to themselves as the source in the other article “were helping Kaseya plug the hole long before the hackers found it”, as such the ‘we’ll fix it down the road’ no longer holds water, especially as we take tally of the victims that are victims because of the shortsightedness of Kaseya. And they are not alone, there is every indication that the Microsoft Exchange group and SolarWinds are part of that same stack. I have personally seen how the needs of proper testing took a back seat to Marketing and the board room drive of greed in more than one instance and that too needs to be addressed, yet I feel that the media will paint over that part with articles in emotional ways, their stakeholders will not allow that to be any other way, adhering to their bonus whilst relying on marketing and sales to set out a new path based on ‘we’ll fix it down the road’, should Joe Tidy be correct (and I believe he is), we will soon see a new wave of REvil attacks and the law will be on the sidelines, as will governments all pointing at one another, all whilst keeping their ‘friends’ out of the line of fire.

It is merely my look on things, and I expect to be proven correct before the end of 2021. 


Filed under IT, Science

The devil rang

This is too good, I had just finished yesterday’s article and the Guardian gives me ‘Spyware can make your phone your enemy. Journalism is your defence’, in this I have some trouble accepting that journalism is my defence, they are all about circulation and satisfying their shareholders and stakeholders (optionally advertisers too). But the article came at the right moment, even as this is about Pegasus and the NSO group. Whenever I look back at the title ‘Pegasus’ I think back to Pegasus mail and Windows 3.1. It is a reflex, but a nice one. So, the article gives us “The Pegasus project poses urgent questions about the privatisation of the surveillance industry and the lack of safeguards for citizens”, which is nice, but Microsoft, SolarWinds and Cisco made a bigger mess and a much larger mess, so pointing at Pegasus at this point seems a little moot and pointless. (Microsoot’s Exchange anyone?)

Yes, there are questions and it is fair to ask them, so when we see “This surveillance has dramatic, and in some cases even life-threatening, consequences for the ordinary men and women whose numbers appear in the leak because of their work exposing the misdeeds of their rulers or defending the rights of their fellow citizens”, yes questions are good, but the fact that millions of records went to the open air via all kinds of methods (including advertiser Microsoft) is just a little too weird. And it is not up to me, it was The Hill who asked the people (5 days ago, after the Kaseya hack had gone public) the larger question that actually matters, ‘Kaseya hack proves we need better cyber metrics’, and they are right, when we see “Once “infected”, your phone becomes your worst enemy. From within your pocket, it instantly betrays your secrets and delivers your private conversations, your personal photos, nearly everything about you” we read this and shrug, but at this point how did a third party operator (NSO group) get the data and the know-how to make an app that allows for this? Larger question should be handed to both Google and Apple. The fact that the phones are mostly void of protection comes from these two makers. This is a setting of facilitation and a lack of cyber security. The NSO group decided to set a limited commercial application (more likely to facilitate towards the proud girls and boys of Mossad) and they took it one step further to offer it to other governments as well, is that wrong?

So when we see “All of these individuals were selected for possible surveillance by states using the same spyware tool, Pegasus, sold by the NSO Group. Our mission at Forbidden Stories is to pursue – collaboratively – the work of threatened, jailed or assassinated journalists”, if that were true, we would see a lot more articles regarding the 120 Journalists jailed in Turkey, not to mention the 60 journalists that were assassinated (read: targeted killing exercise) there as well. The papers are all about a journalist no one cares about (Jamal Khashoggi) but the other journalists do not really make the front page giving pause and skepticism to “the work of threatened, jailed or assassinated journalists”, my personal view is that the advertisers and stake holders don’t really care about those lives. Then I have issues with “This investigation began with an enormous leak of documents that Forbidden Stories and Amnesty International had access to”, was it really a leak, or did one government take view away from them (by Amnesty International) and handed it towards the NSO group? A list of 50,000 numbers is nothing to sneer at, as such, I doubt it was a leak, it was a tactical move to push the limelight away from them and push it somewhere else. As we consider Kaseya, Solarwinds, Microsoft and Cisco, the weak minded democratic intelligence players from the Unified Spies of America come to mind, but I admit that I have no evidence, it is pure speculation.

And then we see the larger danger “But the scale of this scandal could only be uncovered by journalists around the world working together. By sharing access to this data with the other media organisations in the Forbidden Stories consortium, we were able to develop additional sources, collect hundreds of documents and put together the harrowing evidence of a surveillance apparatus that has been wielded ferociously against swaths of civil society”, who did they share access to? Who reports to another faction that is not journalism or is purely greed driven? In this, the article (at https://www.theguardian.com/world/commentisfree/2021/jul/19/spyware-can-make-your-phone-your-enemy-journalism-is-your-defence) gives us one other gem, it is “not to mention more than 180 journalists from nearly two dozen countries”, as such we see 0.36% of the data is about journalists, so if I was to look at a slice and dice dashboard, how will these 50,000 people distribute? So when we see “If one reporter is threatened or killed, another can take over and ensure that the story is not silenced”, yes, how did that end up for those journos in Turkey? What about outliers in data like Dutch journalist Peter R. De Vries? He is not getting the limelight that much in the last three days, you all moved on? You pushed the limelight towards Jamal Khashoggi for well over a year, who achieved less than 0.01% compared to Peter R. De Vries. I reckon that this article, although extremely nice is there to cater to a specific need, a need that the article does not mention (and I can only speculate), but when we see all this holier than thou mentions and we see an inaction on Turkey’s actions, as well as a lack of news regarding Peter R. De Vries, I wonder what this article was about, it wasn’t really about the NSO group and Pegasus, they are mentioned 4 and 7 times, the article was to push people towards thinking it is about one thing and it becomes about the 0.36% of journalists in a list of 50,000, all whilst the number is mentioned once in the article without a breakdown. Someone else is calling, when you answer, just make sure the local number is not 666.


Filed under IT, Military, Science

Dark side of the Jedi

Yes, I guess that George Lucas really had no idea that this would hold for well over 45 years, but that happens when you become the real innovator. In this we recognise innovators, but the path of one is often dangerous, perilous and it only works when the competition is at your heels. Consider that Star Wars came out when we had The Omen, Taxi Driver, All the President’s Men, Rocky, Saturday Night Fever, The Duellists. All excellent movies, all driving the others to do better, that is why it works, so when I see “reversing the Trump-era award to Microsoft Corp and announcing a new contract expected to include its rival Amazon.com and possibly other cloud players” I merely wonder how stupid Trump actually was. To give $10,000,000,000 to Microsoft when they screw up their console position and hand the number two place to Nintendo with the weakest of all consoles, only to likely lose again in the future to the Amazon Luna and possibly even to Netflix? How delusional can you become? Microsoft tried to attack the Apple tablet market and failed miserably again and again, they blew their mobile market and they are trying to create waves for their Azure market, that is the player we want for the U.S. Defense Department? This all whilst we get a day ago “Microsoft has “paused” SQL Server in its Windows Containers project. Microsoft advises anyone interested in running SQL Server in a container to use the Linux root instead”, so basically the two non entries (Google and Amazon) were a better solution off the bat?

So, this Jedi (aka the Joint Enterprise Defense Infrastructure) is off to a rocky start. I had never expected any commander in chief to be so delusional that they would hand the contract to one player, all whilst better solutions (in the worst case merely equal) would be considered without proper vetting? I am not stating to merely give it to Amazon or Google, that is why vetting is an important process, yet in all that, Reuters (at https://www.reuters.com/article/us-microsoft-pentagon-jedi/pentagon-hits-reset-on-trumps-10-billion-cloud-deal-welcoming-new-players-idUSKCN2EC1YY) gives us “The company cited a 2019 book that reported Trump had directed the Defense Department to “screw Amazon” out of the JEDI contract”, is this how Americans see their national defence, as an ego driver? It would be one thing if Microsoft is the better party, but that hasn’t been the case for some time.

So when I see “the plan would likely involve a direct award for “urgently needed” capabilities and then a “full and open” competition for multiple suppliers by early 2025”, which we get from John Sherman, acting chief information officer for the Defense Department. My issue here is that when I see ‘urgently needed’, I also remember the joke (not a funny one) that the Zumwalt class represents and the billions spent there, then there are a few more projects, all with pressing needs. And whilst we are getting towards it, the entire Kaseya and SolarWinds debacle shows the larger pressing matter. Security matters! And the matter of security can never be properly investigated if it is appointed to one player, one debatable player mind you. I am not stating that security at Google or Amazon is better, but the Exchange issues, which we get from ZDNet in April show us “Four zero-day vulnerabilities in Microsoft Exchange Server are being actively exploited by state-sponsored threat groups and others to deploy backdoors and malware in widespread attacks”, this doesn’t mean that Google and/or Amazon is better. But the debate is on and Microsoft lost top dog and pole position years ago, they are merely in it to remain mediocre, all for the good of the board of directors. They lost to Apple (tablets), then they lost to Google (with Bing), then they lost to Amazon (web services and SaaS) and now surpassed by TikTok (video against China), that is an impressive fail rate. Consider that Bing has a market share of 2.71%, which against Google with 91.95% is slightly too funny for words.

But this is not about Microsoft, it is about Jedi (all these funny acronyms). So when we consider the dark side of that forceless solution (by Microsoft) and we need to wonder about “the Defense Department also announced its plans for a new multi-cloud initiative known as the Joint Warfighter Cloud Capability, or JWCC. It must provide capabilities at all three classification levels — Unclassified, Secret and Top Secret — and parity of services across all classification levels; integrated cross-domain solutions; global availability including at the tactical edge; and enhanced cybersecurity controls, according to the Pentagon”, not the intent, but the investigative presumption of ‘enhanced cybersecurity controls’, both Solarwinds and Kaseya showed us that and this field is still widely in development, and sources like business wire are setting the Marke that cloud security will double over the next 4 years, a stage of increased visibility will both increase security and criminal activities, the winner remains unknown at present, even if we acknowledge that REvil has the upper hand, we have no way of knowing what happens tomorrow,  if security comes from innovators there is every chance that Amazon or Google will get there before Microsoft will, even Apple has a better chance of showing innovation than Microsoft in the cloud atmosphere at present. The fact of what happens next will be out soon enough, yet my mind wonders why anyone would be stupid enough to award national defence to anyone without proper vetting.  So when we accept that it was meant as “part of a broader digital modernisation of the Pentagon aimed at making it more technologically agile”, wouldn’t you want to vet to broaden the application of data, the security of the system and the application of security towards data, users and access? There is a reason that SELinux had roots going back to the NSA, this they all wanted to throw away? 
And the media is merely reporting the news, not questioning that time line? Why is that?

Only the agile and versatile remain superpowers, and the former president was willing to hand over 50% of THAT equation? So consider that what was JEDI (Joint Enterprise Defense Infrastructure) could have become the Darth (Defence Application Reprehensive Technology Hype) defence system. 


Filed under IT, Military, Politics, Science

Choices by media

We all have them, we all have choices, beliefs and convictions. The media has them as well and they are entitled to them. I never objected to their choices, I merely want them to have accountability towards their actions. To kick this off, I need to confess. I had difficulties believing Bill Cosby was guilty. I went with what TV fed me, his character, his demeanour and I will admit, I was taken in by all of it. I saw the jokes, I saw the accusations and when we got ‘Bill Cosby released from prison after sex conviction overturned’ my mind went to different locations. I am unsure. Yes, I accept “The court ruled that the prosecutor who brought the case was bound by his predecessor’s agreement not to charge Cosby”, it does not make him innocent, yet why would any prosecutor come with an “agreement not to charge Cosby”? From a legal point of view it strongly implies that the prosecutor had no evidence to begin with. If the evidence was there, that promise would never be voiced by any prosecutor. And this got me thinking on Kevin Spacey. When we see “Kevin Spacey accuser who tried to sue anonymously is dismissed from case” (source: ABC) and we are given “A US judge has dismissed all claims by one of two men suing actor Kevin Spacey over alleged sexual misconduct in the 1980s, after the plaintiff refused to identify himself publicly” that is a voiced 50% loss, 50% went out the window just like that. And that is merely the beginning. The media is now in a much larger stage, a stage of denial and a stage of their big mouths that could land them an 8 figure settlement, optionally 9 figure, but that is a stretch. You see, at the height of the ‘House of Cards’ he was cast out, thrown away and that show was the talk of the town. Now we see the impact of the media and their need for a pound of flesh.
So when we consider ABC giving us “The other plaintiff, actor Anthony Rapp, said he was 14 in 1986 when Spacey engaged in an unwanted sexual advance with him during a party at the actor’s home. Spacey, 61, has denied CD’s and Rapp’s sexual misconduct accusations. His lawyers did not immediately respond to requests for comment”. Did it happen? I do not know, but in legal settings evidence matters, flaming opinions do not. Yet for an issue to wait 20 years until Kevin Spacey has his golden moment sounds off by a lot. And is no one asking what a 14 year old person is doing at a party? There might be a valid reason, there might not be, yet the lack of information in the media makes me wonder. A media that is too much about flaming and too little about informing. So I am not upset with Netflix when we see “Spacey starred in Netflix’s House of Cards before Netflix severed its ties with him after sexual misconduct accusations surfaced in 2017”, Netflix had to protect what was theirs, and there was damage, but in all this the media flamed that damage and when we see “the man known in court papers as “CD” said revealing his identity would cause “sudden unwanted attention” and be “simply too much for him to bear””, I have an issue, this could be a blackmailer hoping to cash in, ‘could be’ being the operative part. More important when we consider ‘10.83 The Sixth Amendment to the United States Constitution provides that in all criminal prosecutions, the accused shall enjoy the right to be confronted with the witnesses against him’, a simple foundation and when I see “Peter Saghir, a lawyer for CD, declined to comment on Thursday” I wonder what had gotten into Peter Saghir. It is speculative of me to think that the case with just Anthony Rapp was too thin to proceed. Yet the media is not looking at that picture or any picture that has the shown image as a picture in picture. And it is Reuters who gives us “Peter Saghir, a lawyer for C.D. and Rapp, declined to comment on Thursday. He has suggested that C.D. might pursue an appeal if his case were severed from Rapp’s”, so he is willing not to be ‘anonymous’ when Rapp is off the charter? It gives us a larger stage that the Rapp case is thin, optionally too thin. And that is when Kevin Spacey will make the 8 or 9 figure claim, he lost that much and that is the ball game and when the media gets that much of a claim, the game changes, the wolves become crying chihuahuas trying to hold on as much of that money as possible, in a stage where every penny counts, losing over a billion if not well over ten times that many pennies will make them suffer, and with all the BS I have watched over the last decade, the media could do with a little suffering.

Some people are all about Bill Cosby and Kevin Spacey, I am on the fence because we are lands of law, evidence is part of that and when the media is all about emotional flames, it tends to be the setting for a lack of evidence. Yes, this is speculative, but in that I have been proven right a lot more often than I was proven wrong. 

So what is next? 
When you see the flamed accusations against Spacey and Cosby, all whilst the media is going with excuse after excuse against Ghislaine Maxwell, daughter of dead media mogul Robert Maxwell. It seems that the media seems to be a protective shield for anyone with strong ties to media. So when you see the slams against these two gentlemen and we see ‘SHAMED Ghislaine Maxwell was left “broken” by her “horrendous childhood”’, ‘Ghislaine Maxwell’s prison cell flooding with raw sewage’ and more, yes she is so sad and so broken, but these people cannot afford a ‘$1 million home paid for in cash’, can they? When you have enough money to get a “4,300-square-foot house sits on 156 acres of land, at the top of a half-mile driveway” (source: NBC News), things do not add up. Especially as her daddy forfeited (read: default) on £50,000,000 in loans and went yachting. Yes, poor, poor little Ghislaine. 

Do you see the problem? The media has two measures and none are holding evidence too high and in all this we become the flock that relies on flamed materials, too often devoid of evidence.

So when you see this and we reconsider the hack (Kaseya) and now we add Government Security Info (at https://www.govinfosecurity.com/kaseya-ransomware-attack-this-dramatic-escalation-a-16996), I wonder what is true (I really do wonder) they give us “There’s one big question that hasn’t been answered, says Tom Kellermann, head of cybersecurity strategy at VMware Carbon Black. “Who gave REvil the zero-day?””, yet Fortune dot com gives us “The Dutch Institute for Vulnerability Disclosure said it had alerted Kaseya to multiple vulnerabilities in its software that were then used in the attacks, and that it was working with the company on fixes when the ransomware was deployed”. So one side gives us ‘zero-day’ the other gives us ‘multiple vulnerabilities’, as well as ‘it had alerted Kaseya’. Yet no one will give us how long this was known by Kaseya, how long the issue was out there and for how long Kaseya did too little in protecting their customers? The media is on both slots and the lack of voiced investigations are staggering, so when will we get the real deal, the state of matters drowning in facts and evidence? 


Filed under Finance, IT, Law, Media

Dream number three

I am trying to remember something. Yesterday I came up with short story number three, I dreamt the story and the big lines were done, but now I forgot the dream, only fragments remain. A stage where it is about one thing leading to another, I see the ending but I can no longer see the beginning. It is a shared setting that eludes me, and every time my mind moves back to the story, it is overwhelmed with other facts. It takes me back to yesterday as I was writing the Kaseya story. The BBC is giving us “Researchers from the Dutch Institute for Vulnerability Disclosure found the problem and were helping Kaseya plug the hole long before the hackers found it”, yet if we are to believe ‘long before the hackers found it’ I wonder why Kaseya was continuing on the path they were. More important, if that was really true, why was Kaseya not monitoring the situation 24:7? In my case the story is not completed, I am creating it (almost) on the go. Kaseya is seemingly in a stage where they are in denial. First a few, then up to 1,000 and now, after other sources give us a stage that sets the premise to up to 100,000, some sources give us ‘Between 800 and 1,500 companies potentially affected by Kaseya ransomware attack’, I get it, it is optionally a seesaw that is balancing between optionally managing bad news and the speculative media on the other end of the seesaw. Neither side is overly reliable in my personal view. Yet the BBC gives us “the way the cyber-security world has pulled together to reduce the impact of the attack has been incredible”, you see, I have been involved in IT work since 1982, I have never seen competitors pull together, so the story of ‘the cyber-security world has pulled together’ remains debatable. They are all scared, they wanted solutions faster, automated and cheaper, it is like the house where you can choose 2 out of three, now the choice is nil, because the underlying factors are haywire. In this setting, and yes, this is all speculative.
We have a solution that is faster/slower, automated/manual and cheap/expensive. They wanted it fast, but that requires matching hardware and software. This is where ‘plugging the hole’ is a problem, as such there was never a cheap solution. Then there was the automated setting, that is the one that they could pull off, but in a stage where there is too little security, and if ‘long before the hackers found it’ is to be believed, I speculate that the need was manual when the wrong parties opted for automated. And in the third we have cheap and expensive. They needed a solution that was cheap, but they needed a lot more expensive elements. This is ALL speculation, but the setting where we see system after system fail, in my personal opinion is all a setting towards shortcuts and that led to the weakness we now see exploited. I personally believe that players like Kaseya are too plenty and when we see ‘the cyber-security world has pulled together’, we see a stage where they all have a seemingly fat meal, they all get to set a field of limitations for all others and that will have long term repercussions. Microsoft, SolarWinds, Kaseya are examples that show us that the hackers are gaining more and more advantage and that is the larger stage. In this setup hell will get one happy resident and it is not the ruler of hell, I will let you consider who I am talking about and it is not a player that is mentioned in this article, neither is REvil, they seemingly found a gap that they exploited hoping to bank $70,000,000 but the stage is out there and the snippet “were helping Kaseya plug the hole long before the hackers found it” is merely a factor, so how long did the plugging take and why was it not successful? The words ‘long before’ should be an indication. So why are we (clearly) seeing several facts and the hack was still successful?
The article is (at https://www.bbc.com/news/technology-57719820) merely one factor, the amount of MSP’s are another and the lack of alarms is a third part. A dangerous setting of cheap, seemingly fast and proclaimed automated systems in a stage where no one was the wiser. Consider a fast automated system without proper alarms and without logs, and that is merely one player using (or claiming to have) cloud solutions. A stage that is no solution (ask COOP in Sweden if you doubt me) and one that hands over cash to organised crime. How much risk are you willing to take with your business?


Filed under Finance, IT, Science

Your data or your life!

It is not the dream, not this time. I was persecuted by a Construction AI with diminishing reality capacity, but in the humour side there were a few criminals trying to get away with a golden car (like Goldfinger) and they got in the middle, so there. No, today is about Ransomware. Reuters gives us ‘Ransomware breach at Florida IT firm hits 200 businesses’ (at https://www.reuters.com/technology/200-businesses-hit-by-ransomware-following-incident-us-it-firm-huntress-labs-2021-07-02/). Like the SolarWinds issue we see “The attackers changed a Kaseya tool called VSA, used by companies that manage technology at smaller businesses. They then encrypted the files of those providers’ customers simultaneously” and no one, most visibly the media is asking the questions that need asking. The Microsoft Exchange issue, the SolarWinds issue, now Kaseya. We understand that things go wrong, but as I see it the hackers (read: optionally organised crime) have a much better understanding of matters than the lawmakers and police do, we see this with “encrypted the files of those providers’ customers simultaneously” and that is before we consider that ‘an American software company that develops software for managing networks, systems, and information technology infrastructure’ has the kind of security that can be trespassed upon. And why do I think this? It is seen “The attackers changed a Kaseya tool called VSA, used by companies that manage technology at smaller businesses” and contemplate the issue that this had been happening for the last 5 months. A lack of larger systems as well, and all this continues as the law is close to clueless on how to proceed on this. We see statements like “In their advisory and further incident communications, Kaseya said that only a few out of their 36 000 customers were affected”, yet CNet gives us “REvil, the Russia-linked hacking group behind the attack on meat processor JBS, is linked to the Kaseya attack, The Wall Street Journal reported.
Security firms Huntress Labs and Sophos Labs have likewise pointed to REvil”, which gives the law the problem that a member must be a proven member of REvil and that is largely not the case, moreover they have no clue how many members are involved. When one player gives us “We are in the process of formulating a staged return to service of our SaaS server farms with restricted functionality and a higher security posture (estimated in the next 24-48 hours but that is subject to change) on a geographic basis”, all whilst one of the victims is the largest grocery store in Sweden (COOP), the setting of “only a few out of their 36 000 customers” becomes debatable and it will affect the retail stage to a much larger degree, especially when you consider that they are cloud based. I stated in the past (based on data seen) that 90% of the cloud can be transgressed upon. And they are all servicing the larger stage of people dealing with IT requirements on a global scale. Now consider that cloud systems remain largely insecure and beyond the fact that ITWire was giving us “SolarWinds FTP credentials were leaking on GitHub in November 2019” and it was a direct result from someone who thought that ‘solarwinds123’ was a good idea. Oh, I remember a situation involving Sony and stated that there might be an issue that someone (I implied the Pentagon) had a router with password ‘cisco123’, I did that in ‘The Scott Pilgrim of Technology’ (at https://lawlordtobe.com/2019/05/23/the-scott-pilgrim-of-technology/) in MAY 2019, and did anyone learn anything yet? It is now 2 years later and still we see these levels of transgressions? Some might say that IT firms are helping REvil get essential revenues, some might say that these IT firms got themselves in this mess.
So when we look at some firms relying on ‘Five years of experience for an entry-level job’, or perhaps “Any of the following will be grounds for immediate dismissal during the probationary period: coming in late or leaving early without prior permission; being unavailable at night or on the weekends; failing to meet any goals; giving unsolicited advice about how to run things; taking personal phone calls during work hours; gossiping; misusing company property, including surfing the internet while at work; submission of poorly written materials; creating an atmosphere of complaint or argument; failing to respond to emails in a timely way; not showing an interest in other aspects of publishing beyond editorial; making repeated mistakes; violating company policies. DO NOT APPLY if you have a work history containing any of the above” (source: Forbes). All this in a stage of age discrimination and narrow-minded thinking of HR departments. Yes, that is the dynamic stage of people that have bad passwords and a stage of transgressions. So whilst we might think it is a stage of ‘Your data or your life’, there is a larger stage where the law has a bigger issue: it has the issue of IT firms cutting cost and having a blasé approach to the safety of their systems, and, more importantly, their customers. And whilst ABC New York gives us “The number of victims here is already over a thousand and will likely reach into the tens of thousands,” said cybersecurity expert Dmitri Alperovitch of the Silverado Policy Accelerator think tank. “No other ransomware campaign comes even close in terms of impact” (at https://abc7ny.com/amp/ransomware-attack-4th-of-july-cyberattack-kaseya/10859014/) we see a first stage where the statement ‘only a few out of their 36 000 customers were affected’ is, as I personally see it, marketing-driven panic. And that is a much larger case. 
I get that the firm hit does not want too much out in the open, but the gap between ‘a few’, 2% and optionally a stage that could go beyond 27% is a setting too many are unable and too uneasy to consider. And when we see that 27%, do I still sound too ‘doomsday’ when I state that there is a much larger problem? And when we see the media go with ‘MSPs on alert after Kaseya VSA supply chain ransomware attack’, all whilst I stated a few issues well over 2 years ago, they should have been on the ball already. I am not blaming the MSPs, but I do have questions on how their systems are so automated that an attack of this kind could hit the stated 1000+ customers, all whilst some sources state 50 MSPs. There is a stage where triggers would have been there and the alarms were set to silent because some people might have thought that there were too many false alarms. This is a different stage to the larger playing field, yet I believe it needs to be looked at, especially when the damage can be so large. I am not certain what work lies ahead of the hit customers like COOP that had to close down 800 supermarkets, but in all this something will have to give. 
