Software firm Kaseya had a history of security issues long before the latest one that allowed the biggest ransomware attack in history to occur.
Kaseya went from relative obscurity to being one of the most well-known software firms in the world, thanks to being ground zero for the worst ransomware attack in history. Kaseya makes software used for managed services. As such, it made for a prime target, since compromising its software would open the door to compromising all the companies that rely on its services. Indeed, as many as 1,500 customers were believed to have been impacted.
What has become more apparent since the attack, however, is that Kaseya had a history of security issues, issues that likely made it an even more appealing target. According to The Seattle Times, hackers managed to plant “cryptojacking” software in Kaseya’s tool in 2018, hijacking affected computers for crypto mining.
In 2019, the company’s software was used in another ransomware attack. Experts believe the perpetrators included individuals that later went on to form REvil, the group behind the latest attack. Their experience successfully compromising Kaseya two years ago may very well have played a part in their recent decision-making.
In 2014, the company’s founders sued the company over a dispute about who was responsible for another cryptocurrency scheme.
To make matters worse, none of the security issues Kaseya experienced were some obscure, hard-to-predict issues. In fact, they were all well-understood issues that could have been easily addressed sooner.
“Kaseya needs to shape up, as does the entire software industry,” Katie Moussouris, the founder and CEO of Luta Security, told The Seattle Times. “This is a failure to incorporate the lessons the bugs were teaching you. Kaseya, like a lot of companies, is failing to learn those lessons.”
As more companies continue to rely on cloud services, a single vulnerability can have profound repercussions, impacting thousands of companies. As a result, companies that provide managed services will need to make security their number one priority if they wish to avoid Kaseya’s pitfalls.