Kaseya announced that it had become the victim of a cyber attack on July 2. It appears that the attackers carried out a ransomware attack by leveraging a vulnerability in Kaseya’s VSA software. According to Kaseya CEO Fred Voccola, less than 0.1% of the company’s customers were included in this incident. The attackers are now asking for $70 million to repair the breach. There appears to be a growing trend in attacks, and we have to ask ourselves who will be next. Carl Katz joins us to share his knowledge on the attack and his predictions for the future.

 

Video Transcription

Harry Brelsford  0:06

Hey Nation Nation, Harry here back with my main man Carl Katz north of the border in Vancouver, BC How you doing?

Carl Katz  0:16

Great, Harry, how are you?

Harry Brelsford  0:19

Good, good. Well, hey, I just want to jump right into it. You’re the first analyst that we’ve had a chance to talk to about the mid-year hack breach of the Kaseya platform. So first of all, maybe you could share what are the facts is, you know, um, what are your thoughts? And then I have 100 questions.

Carl Katz  0:40

Well, I mean, I spent yesterday on two different webinars. And one went in the second one was a Huntress webinar went into the technical details. And the first one was just an overview of, of the breach, but I mean, it was it was bad enough that like, our peer group was actually working last week on PrintNightmare. And this totally eclipsed, it totally eclipsed it. So I don’t know, anybody I know could say is, you know, forcing these I don’t anybody personally, who’s on Kaseya uses Kaseya. You know, I know that I looked at it myself many, many years ago. But I said, but man, like, What a nightmare, you know, waking up and finding out that that, you know, you’ve been you’ve been breached? Um, yeah. And, and I’d say, you know, Kyle Hanslovan, who’s one of the founders of Huntress, was asked yesterday, you know, they asked the question, because it was a roundtable, who do you think is going to be next? Well, you know, SolarWinds has been hit already, and has been hit in these majors. So, you know, they think it’s going to be one of the new ones, one of the new RMM providers. But yeah, it’s just, it’s just, it’s just really sobering. And somebody said that every time that happens, I want to close up shop and open up a frozen banana stand.

Harry Brelsford  2:15

Yeah, I yeah, my joke has always been I want to own an overhead garage door franchise, right? It’s, it’s repeatable, truly scalable, right. You know, and just, just ride, ride it out.

Carl Katz  2:32

The facts are, is that in a typical ransomware play, and, you know, the whole big sea change has been persistence, you know, LifeLabs, which is a local testing, medical testing, concern, got hacked, and they pay the ransom. And I asked myself, I was about a year and a half, two years ago, I go, man, like, Don’t they have don’t these people have backups. And then in the past year, I found out that, you know, they establish these ransomware guys, they establish persistence, encrypt backups, and by the time they send the first note, it’s like, you’ve got like, a year’s worth of backups encrypted. So you know, that’s, you know, that’s, that’s the big change in the past couple of years. And it’s just, it’s really, it’s, it’s, it’s, I hate to use the word but it’s scary, Harry, it’s really scary.

Harry Brelsford  3:32

Yeah. It is. Well, a couple of thoughts one, and there’s a question or two in here somewhere. But first of all, I’m on national TV, probably yours as well. But, you know, Kaseya has now become a word in the media, like SolarWinds, right? But they kept mispronouncing it, like on ABC, they call Cassie. Or, you know, they didn’t say Kaseya. They had variations. And I’m just like, going crazy. But you know, just from an executive point of view, that’s talk about scary. That’s Fred, the CEO of Kaseya, Fred Voccola, I think is his last name. He’s having a bad couple days. I mean, this is, you know, this is a kingdom, my childhood, I had a front row seat in my younger years to the Exxon Valdez B’s. And I mean, this is kind of what you know, disaster communications are about right. So now to say his turn number two. Now, interesting how talks I’ve had with you we’ve had with other analysts about the MSP, you know, the bad guys now know what an MSP is. And the MSP is the one who speaks to many small customers, right. Yeah. So the attack vector, and you know, Carl, that that talks been going on a couple of years and we’re all just kind of like, yeah, you know, I know about the handful of schools in Texas that got hit by that one MSP. And I think that was a ConnectWise MSP and I’m in no way indicting ConnectWise. That was just as how he identified himself. Right. And got hit. And so that’s interesting to me. I’m still collecting the facts. I believe there’s more facts to come on the Kaseya situation because you know, I’m hearing $70 million ransom. I’m hearing hundreds of thousands of attacks. Yeah. Yeah, hearing that, really not that big. What, how are you sorting out what the actual scope of this is?

Carl Katz  5:36

Um, well, like I got a good sense of it yesterday on the webinar, and actually, it’s relatively it’s only 1500 to 200 customers that got hit, which I mean, one customer’s too many. But what I was getting at before is, they did not seem to encrypt any backups. So the advice yesterday was restore from July 1, because they’re, you know, they are able to restore all these, you know, MSPs, and clients are able to restore that said, someone who has, you know, an MSP with 50 clients is going to be swamped, and it’s going to take them weeks and weeks and weeks to restore. But I think that and I think that they said it was sloppiness, and because of their sloppiness, the ransomware the threat actors, everyone dodged the bullet. Really. Yeah. So

Harry Brelsford  6:32

And, and I concur. You’re gonna see more I hadn’t thought of it in terms of the new RMM platforms. I thought a bit more of the you know, top five platforms names you and I know that I, I’ll tell you, if I were with one of those ISVs and the top five MSP platform world I’d who this would have my full attention. It’s not a matter of will we be hit I think you need to wake up and say when. Will we be lonely?

Carl Katz  7:04

Absolutely. Yeah. It’s called the assume breach mentality. Yeah.

Harry Brelsford  7:10

Yeah, exactly. Well, hey, I appreciate you leaving this off and talking about the Kaseya hack, you know, and we’re not done with the story. I mean, when we circle back to you periodically,

Harry Brelsford  7:23

again, I don’t mean to be a Wall Street bear, but I wouldn’t be surprised if there’s another attack, and we can talk about it. So there we go. All right, man. Always a pleasure, Harry. Thanks, Carl.