Ransomware has Exploded

Business Speak

With the recent attacks on Kaseya, it is more apparent than ever that ransomware attacks have become a prolific problem which IT exports can’t keep up with .  In 2021 the once quite problem has turned into a major security issue nationwide.  With the cybersecurity industry stretched thin, and MSPs doing

everything they can to prevent attacks, it’s hard to be certain that this can't happen to us.  Watch as Joshua Liberman shares his perspective on ransomware, Kaseya and what you can do. 

Josh L July 2021


Video Transcriptions

Josh Liberman  0:07 

Hey Nation Nations Harry here back with Joshua Liberman. Joshua, it only took about two years to correctly, but enunciate your last name, I finally got it How you doing, man?

I'm fine, Harry, thanks very much for your exceptional efforts.

We want to we want to hit the story of the day head on Kaseya. And just you know, your opinion, I realize you don't have any inside information. I don't either justice the topic of the day. So what what do you notice? And I have a couple questions for you. So what's going on? What happens?

Well, what I've pieced together so far, is that not long ago, in the last week, there was the announcement of a zero day or zero days based attacks, currently with two different zero day vulnerabilities that were leveraged. It sounded to me like an injection attack, it was sideloaded, through Windows Defender, very clever stuff. And it would work who was affected, whether on prem people, so anybody ran Kaseya on-prem, was potentially subject to this attack. Because say, for the most part seems like they've done a very good job of being straightforward about this. Some people are arguing about whether they patch their own servers first at the expense of those with their on prem. So they're hosted stuff first. I don't know if that's true, but I presumed that they would be patching those things in real time. As soon as they found out about I think it's all going to boil down to the the discovery and how they basically released the information. But as far as I can tell, they've been forthright. And they've been working pretty diligently. Some of the fears seem unwarranted. I don't know that I've spoken with anybody directly who's been affected by this. And their claims are still that they're in the mid single, double digits, 40 50 60, direct partners, or msps. But then, up the hill from them, people like Synnex were apparently affected as well. And of course, that can affect a whole lot more people. So I don't think we have very many big answers. But I think one of the takeaways is that, once again, we have to do all the diligence, but there's not enough we can do as msps and individuals to be certain that this can't happen to us. Obviously, solarrings was penetrated and now Kaseya. In the past, others, various remote control facilities have been penetrated. And weaponized, it's hard to imagine and they won't effectively reach just about everybody. last hours discussion was will every vendor eventually be penetrated? Yes, that would probably be true. But I think what's more likely is that enough of them will be penetrated those with marginal practices, or when there's insider information or insider placements. Eventually, a lot of them will be but I don't think we'll have an industry long enough for every better to be penetrated. I think there'll be fundamental changes before that happens.

Yeah. Yeah. Let's talk about the bad guys now know what a channel is the MSP The one who, you know, 2 dozen, 3 doze,m 4 dozen  clients, right? So if you can, if you can use the MSP as an attack vector. I mean, we've had this talk, I've had it with you another analyst, probably the last couple of years. This just got real. This just got real Kaseya is now a word on the national news. And any any thoughts on that? I mean, it is, you know, the bad guys, they they're smarter than they look, man.

Wow. They look, they looked pretty smart to me. 22 years ago, when I actually met him, when we were still toying with, should we get an email address at our federal organizations that were already organized, sponsored, trained groups of hackers working in various foreign nations trying to figure out how to weaponize the world's largest network, which is what the internet was. When I first started to play around in the early 90s 92 93. I was at Dooley I had access to DARPA net, and I also discovered a web browser, which I think was 93. But I was using getting put commands, and I was downloading and reading papers from universities all over the country was fascinating. And eventually, I think leaving hope was the first overseas location. But I was starting I could gain access to all these things. And even back then I thought, jeez, this seems unwise. I can I can put documents places I get them. I can do searches for these things. And indeed, it wasn't very Much later than that, certainly by 94, that we started starting to really worry about this military systems. We're not on that same network and scatto for what it was back then was not on that same network. So it wasn't that we were foolish, but we didn't stay ahead of the curve. Yeah. And I want to stress that Kaseya is just the name of the week solar winds was the name of the week for about a month, not long ago. And revel or are evil folks that are, at least we understand to be behind this attack. The JBS attack and I think Don't hold me to this. But I think they were determined to be beyond behind the attack on can't even think of who it was now the week before JBS meat back then. Anyway. They are slowly on

Harry Brelsford  5:48 

colonial pipelines.

Josh Liberman  5:49 

Yeah, thank you. They aren't technically state sponsored actors. It's very hard to know, Russia is a very opaque place that the best of times, and these are not the best of times. It's hard to know if they're actually state sponsored, but they're certainly state tolerated and, and I was alluding to, I once visited, what was at the time, the largest building in the world. And it was full of people getting on the internet, learning how to attack people getting on the internet. That was twenty two years ago. It's I'm sorry, that was 27 years ago, holy crap. It's we're behind the curve. There's no two ways about it. I just as much as I am scared and frustrated by what's happening, Kaseya  I want to make sure that we don't make we don't want to turn to Kaseya , the Q tips or Kleenex of their category, right? This. We don't want to start calling this Oh, they got to say, Fred, because it's going to be somebody's friend, the

CEO Fred Voccola, I consider Fred a friend over it, because he's, he's having a rough, he's having a rough one. Hey, I got to bring this in for a landing. Name, your next show that people can go to and meet up with there. Where are you going to be?

Well, I got to this month in the 21st through 23rd. I'll be in Chicago. 22nd is the full day for that ASCII event. They're having Lincoln Shire outside of Chicago. And the week following I'll be at the telerik event, which is a telecom master agent. Task event I'll be attending and shooting headshots and at the telerik event, I'll actually be attending and working for one of the vendors and IT security there. He calls it being a booth babe, I'm going to call it a spokesmodel. But anyway, I will be working at their table and speaking for them. So that's, that's in San Diego, by the way, and a different kind of event than most of our IT industry. It's more of a telecom at that.

It is alright my friends. Take care of Thanks.

Sure. Thank you.