​

Kaseya Ransomware Attack And The Benefits Of Centralized Patching

Patch management is one of the most challenging tasks companies have to keep up with when securing their systems. At the outset, it may seem like the simplest thing to do. You just apply the software patches and upgrades if and when they become available. But in reality, it can be a difficult task because it can be overwhelming to keep up with the number of patches coming up every quarter, the downtime involved, the manual work involved to apply patches to each individual system, and so on.

And hence sometimes, companies tend to put the patchwork on hold despite the severe risks of delaying patch updates. One such company which paid a heavy price due to its procrastination was Kaseya, a prominent US informational technology firm.

Kaseya Ransomware Attack

Kaseya found itself the primary target of a disastrous ransomware attack that affected around 800 to 1,500 businesses worldwide. The attack was organized by the hacking organization REvil who demanded a whopping $70 million to unlock the encrypted files.

The attack heavily impacted the supply chain of Kaseya, with the actual number of victims rising. Coop, a Swedish supermarket chain, is one of the worst affected, and it would require a significant amount of time before they can resume their operations. Now all of this nightmare could have been prevented if only Kaseya did the right thing and applied the security patches on time.

Kaseya was well aware of the security flaw named CVE-2021-30116 in their system. This flaw was documented as one of the common ways hackers exploit a VSA on-premise solution to gain illegal access. The hackers, needless to say, readily took advantage of the flaw and used compromised VSA agents to execute their ransomware software on Kaseya’s system.

While this is an unfortunate case of security negligence, one cannot deny that traditional patch management techniques are also partly to blame. By the time it took Kaseya to roll out their patches, the hackers already gained access to their system.

So What Could Have Prevented the Kaseya Hack?

Cloud-based centralized patch management could have easily saved the day. Companies that use centralized patch management services with the help of managed service providers like 3nom fare much better amid such growing cyber-attacks.

An experienced MSP will be the first to access the latest patches through their direct contacts with software providers like Microsoft and Amazon. Once they do, they can push the patch centrally to all their clients’ networks. For many of these clients, this will mean that they get proactively secured without the attack ever occurring. 

However, centralized patching is easier said than done. Not just the systems need to be in place and work seamlessly together, but the reaction time is equally critical to catch the faintest whiff of a possible attack. The prompt and comprehensive proactive patching is made possible by the centralized infrastructure provided by the MSPs.

Here are some other reasons centralized patching is the best solution for enhanced security:

• It automatically downloads the patches
• Allows for automated distribution of patches, removing the human factor or delays
• Easily identifies new patches and applies them as soon as they are available 
• Checks system compatibility and ensures the right patches are applied
• Delivers consistent and accurate reporting on the patch management tasks
• Enables finer control on picking and choosing which patches to apply
• Saves time and resources spent on manual patch management
• Assists with efficient data replication and backup

As you can see, it is essential to have an experienced MSP on your side to keep your security in check. Ready to get started? Schedule your free 30-minute consultation today!