Cybersecurity Nightmare = Ransomware + Software Supply Chain Attack


Recently, the Russia-based hacking group REvil attacked the Florida-based software company Kaseya Ltd. If you’re not familiar with Kaseya, they provide network and security management services for small to medium-sized businesses (SMBs), not unlike what SolarWinds offers for large businesses. So this is yet another attack taking advantage of poor software security at companies that provide security management products and services.

Most major OT operators, like large oil & gas companies, won’t be impacted. Similarly, US government agencies will probably be okay, unlike in the December SolarWinds supply chain attack. However, this could be a mess for industries with many smaller operations, such as water utilities, small power utilities (like Munis), or the food and beverage industry.

Cybersecurity Issues for SMBs

Industrial SMBs often have a very decentralized security management strategy; that is, it’s every plant for itself when it comes to security. For example, just before the pandemic struck, an OT security manager at a Fortune 500 food and beverage company was asked what the software approval process was for OT systems at their company. The answer:

“Each engineer or technician downloads the software they need for the PLCs they manage directly from the PLC vendors’ websites. They then make their own decisions on whether they should install that software. There is no company-wide strategy to validate the safety or security of that software.”

This approach is going to make Kaseya an issue for industrial SMBs for two reasons:

  1. SMBs often have very weak separation between IT and OT. In many cases, there is zero separation as the security team is simply too small to afford dedicated staff and services for OT. So any Kaseya problems in IT quickly become OT problems.
  2. The Kaseya product is really popular with managed service providers (MSPs) who use it to manage multiple clients’ systems. Industrial SMBs often outsource their security (again, because building a full security team is too costly). These companies don’t even know what software is being installed in their facility!

Further reading: Preventing Malware Attacks with Network Security Monitoring Solutions

Read the full post from aDolus to learn more about the impacts of this cyber attack.


About the Author

Eric Byres, CTO, aDolus. Eric is widely recognized as one of the world’s leading experts in the field of industrial control system (ICS) and Industrial Internet of Things (IIoT) cybersecurity. He is the inventor of the Tofino Security technology – the most widely deployed ICS-specific firewall in the world – licensed by industry giants Honeywell, Schneider Electric, and Caterpillar. Eric is also known for his leadership in international standards and research for industrial communications.

