You may have seen the news about a supply-chain ransomware attack on Kaseya which affected numerous businesses over the holiday weekend. The targeted company, Kaseya, provides tools to Managed Services Providers (MSPs) like Mytech. One of these tools, “Kaseya VSA,” was recently compromised by an international cybercrime organization, then used to attack roughly 60 MSPs and, by extension, up to 1,500 end-user organizations.
This type of cyberattack – using MSP tools as an attack vector against the MSPs’ own clients – is a type of supply-chain attack, and is becoming increasingly prevalent due to its ability to easily “scale up” to hit numerous valuable targets at once. While there is no reason to believe Mytech or its clients were affected, this is an ongoing situation and we're providing the most up-to-date info for our clients here.
What Mytech is doing:
Mytech does not use “Kaseya VSA,” the only tool with any evidence of compromise, but we do use a different Kaseya tool as part of our managed services. Out of an abundance of caution, we have isolated this tangentially related tool until we can investigate it fully and be confident it poses no risk to our clients. This back-end change will not affect our clients in any noticeable way.
Additionally, we have searched our clients’ environments for any suspicious agents installed by Kaseya via any 3rd-party, non-Mytech vendors. While we do not believe such a fringe attack is overly likely, we do not leave our clients’ security up to chance. The Kaseya agents found in this way have been disabled until they can be properly inspected and confirmed as secure. The vast majority of our clients will not be affected, but a few may experience interruptions or errors due to disabled 3rd-party Kaseya services.
Finally, Mytech is taking this moment to evaluate our current processes. There are always lessons to learn from every cyber attack or disaster, and this one is no different. Though there is no way to be certain, we believe that if a similar attack had targeted the Kaseya tool Mytech does use, it could have been slowed, mitigated, or even prevented entirely by several decisions and precautions that we already have in place. Nevertheless, we continue to explore options that drive this risk down even further, all as part of ensuring our clients’ productivity and peace of mind.
What you should do:
As we mentioned earlier, a small number of clients may experience some disruptions from the 3rd-party Kaseya plugins & agents we disabled. If you have experienced a disruption of services, please report it to our help desk immediately so we can work towards restoring your productivity in a secure manner.
We will continue to monitor this situation, and will post any noteworthy updates here, all as part of Making IT Easy for our clients every day.