Just prior to the Fourth of July holiday weekend, software vendor Kaseya was the latest company to be seriously impacted by a supply chain ransomware attack that leveraged a vulnerability in the firm’s VSA (Vector Signal Analysis) software and targeted multiple Managed Service Providers (MSPs) and their customers. The multinational company, which has its U.S. operations based out of Miami, confirmed that approximately fifty of its direct customers were breached in the attack, while in turn as many as 1,500 businesses may have been compromised as a result of the breach.
In just the past month there have been similar cyber-attacks made against the Colonial Pipeline and JBS, the nation’s largest meatpacker. Researchers have noted that these recent attacks highlight the supply chain vulnerabilities the United States faces, and even if firms believe they are doing everything right, a misstep by a vendor can create a massive ripple effect.
From Russia With Malice
The attacks have hit a diverse number of American businesses or operations, but they also share something else in common – the attacks likely originated in Russia. While the Kremlin has denied being connected to the attacks, the United States has continued to press Russia on the matter.
During Thursday’s White House press briefing, Press Secretary Jen Psaki was pressed on the matter and said that President Biden is being updated on the issue on a near-daily basis.
“We are continuing to gather details on if this incident occurred with the knowledge or approval of the Russian government. That’s what we’re really digging into at this point in time,” Psaki explained. “And while the intelligence community has not yet attributed the attack and we still don’t have new information on the attribution as of today, the cyber community — security community agrees that the criminal group, REvil, that we’ve talked about a bit in here, operates out of Russia with affiliates around the world.”
Psaki added that administration officials have been in touch with “high-level” Russian authorities regarding the incident, and said that the administration has maintained the same clear message to Moscow: “If the Russian government cannot or will not act against criminal actors residing in Russia, we will act.”
What that response would look like isn’t clear, but the administration has made it clear that it would be aimed at rogue actors or the Russian state based on who was behind such an attack. Just last month, Secretary of State Antony Blinken vowed a U.S. response if Moscow targeted the U.S. with a cyber attack.
“We expect Russia to take action to prevent these cyber attacks from happening again,” Blinken told the Italian newspaper La Repubblica.
The United States had previously sanctioned Moscow over the SolarWinds cyber attack last year, which was believed to have compromised American government departments. That attack had been carried out by hackers who were reportedly directed by the SVR, Russia’s intelligence service. The Kremlin has denied any involvement, however.
“If Russia continues to attack us, or to act as it did with the SolarWinds attacks, the intrusions into our elections, and the aggression against (opposition politician Alexei) Navalny, then we will respond,” Blinken told Reuters earlier this month.
There is little that the private sector can really do, except perhaps preparing for a future attack.
“The U.S. can sanction Russians including government officials who are behind these attacks,” technology industry analyst Roger Entner of Recon Analytics explained.
“It is pretty clear that they can’t happen without government approval or at least acquiesce,” added Entner. “If the U.S. wants to be more serious then the U.S. has a significant arsenal of cyber tools that it can use to disrupt Russian interests.”
Peter Suciu is a Michigan-based writer who has contributed to more than four dozen magazines, newspapers and websites. He regularly writes about military small arms, and is the author of several books on military headgear including A Gallery of Military Headdress, which is available on Amazon.com.