Employees warned Kaseya's senior leadership for years about critical security flaws in its software, but their concerns were brushed aside, former workers told Bloomberg. Several staff members quit in frustration or were fired after repeatedly sounding the alarm over flaws in the IT company's cybersecurity practices. Now Kaseya is at the center of a massive ransomware attack that has ensnared more than 1,000 companies worldwide.
Between 2017 and 2020, employees reported "broad cyber security concerns" to their superiors, claiming that Kaseya used outdated code, implemented poor encryption and did not routinely patch its software and servers, Bloomberg reports. The claims come from five former Kaseya employees who spoke to the outlet on condition of anonymity because they had signed non-disclosure agreements or feared retaliation.
Two former employees said they alerted executives to vulnerabilities in the company's outdated Virtual System Administrator (VSA) software, the system hijacked by hackers to launch this latest attack, which was reportedly so riddled with problems that they wanted to replace it. Kaseya's customers, companies known as managed service providers or MSPs, provide remote IT services to hundreds of smaller businesses and use VSA servers to manage those customers and send them software updates.
According to initial reports, hackers gained access to Kaseya's backend infrastructure to send malware disguised as a software update to VSA servers running on client premises. From there, they used the malicious update to install ransomware on every workstation connected to the VSA systems. A ransomware gang associated with Russia has taken credit for the attack and is demanding a ransom of $70 million to unlock all the affected computers.
One former employee told Bloomberg that in 2019 he sent Kaseya a 40-page memorandum outlining his security concerns, one of several attempts he made during his tenure to persuade company leaders to address such issues. He was fired two weeks later, a decision he believes was related to those efforts, he said in an interview with the outlet. Others quit out of frustration after Kaseya seemed to focus on introducing new product features rather than addressing existing vulnerabilities.
Another former employee claimed that Kaseya stored unencrypted user passwords on third-party platforms and rarely patched its software or servers. When the company began laying off employees in 2018 to relocate their jobs to Belarus, four of the five workers interviewed by Bloomberg said they saw the decision as a potential security risk given Russian influence over the country.
Kaseya's software has even been used in ransomware attacks before, at least twice between 2018 and 2019, according to employees. Confusingly, that still wasn't enough to convince the company to reconsider its own cybersecurity standards.
When asked to comment on these allegations by former staff members, Kaseya gave Gizmodo the following statement:
“Kaseya’s focus is on customers who are affected and people who have real data and trying to get to the bottom of it, not on random guesses from former employees or the wider world.”
Nonetheless, hackers have taken advantage of vulnerabilities similar to those described here to launch widespread attacks before, so the employees' claims are not so hard to believe. In December, SolarWinds was also targeted in a supply chain attack, that is, one in which hackers exploit security vulnerabilities among third-party software vendors to target their customers. Up to 18,000 of its customers were compromised, including many large US federal agencies and companies.