Kaseya’s staff sounded the security alarm years before the ransomware attack


techno.rentetan.com – Employees say that they quit in frustration or were fired after raising glaring cybersecurity problems.

For years, employees warned Kaseya’s higher-ups of critical software security flaws, but former workers told Bloomberg that they were brushed off. Several workers quit in frustration or were fired after sounding the alarm over and over about failures in the IT company’s cybersecurity practices. Now, Kaseya is at the center of a massive ransomware attack involving over 1,000 businesses worldwide.

Bloomberg reports that, between 2017 and 2020, employees told their supervisors that Kaseya was using outdated code, implementing poor encryption, and not routinely patching its software and servers. That is according to five former Kaseya workers, who talked to the outlet anonymously because they had signed non-disclosure agreements or feared reprisals.

Two former employees warned executives of the vulnerability in Kaseya’s old Virtual System Administrator (VSA) software, reportedly rife with problems, that hackers hijacked to launch this latest attack. Kaseya’s customers, companies known as managed service providers or MSPs, provide remote IT services to hundreds of smaller companies and use VSA servers to manage and push software updates to these clients.

Early reports indicate that hackers gained access to Kaseya’s backend infrastructure and sent malware disguised as a software update to clients’ VSA servers. They then used the malicious update to install ransomware on each VSA-managed workstation. REvil, a ransomware gang linked to Russia, has acknowledged the attack and is demanding $70 million to release all affected computers.

One former employee told Bloomberg that he had sent a 40-page memo to Kaseya in 2019, one of his many attempts to persuade business leaders to address such issues. Two weeks later, he was fired, and he said in an interview with the outlet that he believed the decision was related to these efforts. Others quit out of frustration when Kaseya seemed to be focused on developing new product features rather than addressing existing vulnerabilities.

Another former employee claimed that Kaseya stored unencrypted customer passwords on third-party platforms and seldom patched its software or servers. When the company started in 2018 to outsource employees’ jobs to Belarus, four of the five former employees who spoke with Bloomberg said that, given Russia’s influence over the country, they saw this decision as a potential security risk.

Kaseya’s software had even been used in ransomware attacks before: at least twice between 2018 and 2019, according to the staff. Bafflingly, that was still not enough for the company to rethink its cybersecurity standards.

When asked for comment on these claims from its former staff, Kaseya sent the following statement to Gizmodo:

“Kaseya focuses on the affected customers and those who have real data and try to get to the bottom of it, not on random speculations of former employees or the wider world.”

However, hackers have previously exploited vulnerabilities similar to those described above, so the workers’ claims are not that difficult to believe. SolarWinds was also targeted in December in a supply chain attack, in which hackers exploit security vulnerabilities in third-party software suppliers to reach their customers. Up to 18,000 of its clients, including many major U.S. federal agencies and companies, were compromised.