This month, the world of enterprise security was badly shaken, as the Russia-based cybercriminal syndicate REvil launched yet another high-profile ransomware attack. The hackers, responsible for the recent attack on JBS Foods, infiltrated Kaseya VSA, an endpoint protection software solution used by large Managed Service Providers (MSPs). Through the software supply chain, REvil was able to quickly spread to at least 50 of Kaseya’s direct customers, with somewhere between 800 and 1500 small-to-medium sized businesses further down the supply chain.
This is not the first such attack, though it is REvil’s most ambitious (and successful) to date. Over the past year, we’ve endured SolarWinds, Colonial Pipeline, JBS Foods, and now Kaseya. This seemingly endless litany of supply chain-centric cyberattacks grows every week. As it does, companies and governments are simultaneously dealing with a host of other disruptions like COVID, the Suez Canal blockage, Brexit, international trade disputes, and more.