The Kaseya attack has been all over the news recently, and for good reason. The attack served as a reminder of the fragility of our online infrastructure and the importance of cyber security. But this wasn’t all. It also highlighted the rapidly developing abilities of cyber criminals and the increasing risk they pose to our online safety.
We must remember that, whilst developments in technology have incredible applications in doing good for the world, they are just as easily used for less virtuous purposes. So for every medical marvel enabled by a new form of tech, there’s probably a hacker out there somewhere using the same technology to steal money and/or private information.
The good news is that attacks like the one on Kaseya can be prevented. In fact, the Kaseya attack itself could have been prevented relatively easily. I’ve recently found out how, and that’s why I’m here!
Who Are Kaseya And What Was The Kaseya Attack?
You’ve probably heard of the Kaseya attack already, but just in case you haven’t, I will provide a quick overview…
Kaseya is a global company which provides cloud-based IT management and security software to small and medium-sized companies without the scale, infrastructure, or capabilities to develop their own. Kaseya’s product enables IT organizations and Managed Service Providers (known as ‘MSPs’) to deliver IT services to their own customers. These customers, the end users of Kaseya’s services, are usually companies that are too small to have their own IT departments.
Attackers carried out a ransomware attack on Kaseya’s supply chain by leveraging a vulnerability in its VSA software. The hackers were able to acquire and use a certificate which allowed them to access multiple managed service providers (MSPs) and their customers, affecting up to 1,500 businesses. The hackers were able to paralyze hundreds of businesses on all five continents and across a multitude of industries – from dentists’ offices and accountants to schools and supermarkets. They then stole data from these organisations and demanded a $70 million ransom for its safe return (which Kaseya bosses strenuously deny having paid).
How Did The Attack Happen?
Most coverage of the Kaseya attack has branded it a “sophisticated” attack, suggesting that even the best cyber security measures available would have struggled to prevent it. But this just isn’t true. A UK-based company called Arqit has already developed, and made readily available, cyber security software that would have kicked this kind of attack in the butt.
But how, you ask? Let me tell you…
The Kaseya attack, and many other recent attacks, involved the abuse of Public Key Infrastructure (PKI). PKI is the term we use to describe everything involved in the management of public key encryption, the most common form of internet encryption used today. PKI is built into every web browser we use today, and was developed many years ago as a means to secure traffic across the public internet. Many organizations also deploy PKI as a cyber security measure to secure their internal communications and access to connected devices. This is particularly prevalent in today’s remote working world, where businesses often rely on the ability of multiple different devices in multiple different geographical locations to access the same central systems and data stores.
The problem is that PKI is simply not secure enough anymore. As the Kaseya attack shows us, it is far too easy for the certificates that allow access to PKI-secured data to be illegitimately acquired. A paper published over 20 years ago highlighted 10 very obvious risks associated with PKI, yet for some reason we’re all still relying on this outdated technology to secure our private information.
How Could The Attack Have Been Prevented?
It seems pretty obvious that an alternative to PKI is required to alleviate the risks it poses to our security. The good news is, there is one.
Some very clever people have developed a different type of encryption which relies entirely on the cloud, removing the need for third-party certificates altogether. This solution, known as QuantumCloud™, allows organisations to simplify and strengthen their encryption without reliance on any infrastructure at all. Its creators, Arqit, say they’re “moving away from a complex PKI infrastructure, and the need to trust third parties” to provide a solution that is designed especially for the world of remotely connected devices we are living in right now. Put simply, with a solution like this, the Kaseya attack would not have happened.
It is crazy to think that it could be as simple as this, but it also makes complete sense to me that a system developed over 50 years ago is not strong enough to secure the huge piles of complex, sophisticated, and potentially lucrative data that organisations hold today.