The Security Ledger Podcast

Episode 220: Unpacking The Kaseya Attack And Securing Device Identities on the IoT

July 08, 2021

In this episode of the podcast, sponsored by Trusted Computing Group* we dig deep on this week’s ransomware attack on users of the Kaseya IT management software. Adam Meyers, the Senior Vice President of Threat Intelligence at CrowdStrike joins us to talk about the attack. We also talk with Frank Breedijk of the Dutch research group DIVD that discovered the vulnerability used by the REvil ransomware gang and was working with Kaseya to fix it. Finally, Tom Laffey, a product security strategist at Aruba, a Hewlett Packard Enterprise firm, and co-chair of the Network Equipment working group at TCG joins us to talk about the role that strong device identities play in securing Internet of Things endpoints.

Another week, another devastating ransomware attack. On the heels of attacks on the Colonial Gas Pipeline and meat processor JBS, the last week brought news of a ransomware attack on Kaseya, an IT management platform used primarily by managed service providers. The attack saw Kaseya’s VSA software used to push out copies of the REvil ransomware to hundreds of downstream customers of MSPs that used the on-premises version of Kaseya VSA.

The issue raises more questions about the security of software supply chains that companies across industries rely on. In this week’s episode of the podcast we dig deep into the Kaseya hack and some of the larger questions it raises about the security of critical technology platforms that are the scaffolding of modern enterprises. 

Kaseya caught in Pinchy Spider’s Tangled Web

Adam Meyers is the Senior Vice President of Threat Intelligence at the firm CrowdStrike.

In our first segment, we’re joined by Adam Meyers, the Senior Vice President of Threat Intelligence at the firm CrowdStrike. Adam has been a frequent guest on the podcast. In this interview, he helps us dig into the specifics of the Kaseya hack and the group behind the REvil ransomware, an advanced threat that CrowdStrike has dubbed Pinchy Spider. 

In this conversation, Adam and I talk about the Kaseya attack and what it means for companies that have come to rely on managed service providers of the type that use the Kaseya software. These firms provide important services for customers, but also demand access to and high levels of privilege on the networks they manage. Adam notes that threat actors recognize that IT suppliers like Kaseya and SolarWinds are an easy avenue to gain access to a large population of networks in one fell swoop.

To stop these attacks, organizations need to do basic blocking and tackling: patch management, threat detection, firewalls, endpoint security and so on. But customers need to do more to understand what software they’re using internally and what profile that software keeps under normal conditions.

“Threat actors recognize the power of (this) type of attack. The writing is on the wall. You need to be cognizant of what software you use and what that softwar...