Kaseya staff sounded the alarm on security breaches for years before the ransomware attack




Employees warned Kaseya’s superiors for years of critical security flaws in its software, but their concerns were dismissed, former employees told Bloomberg. Several staff members resigned in frustration or were fired after repeatedly sounding the alarm about failures in the IT company’s cybersecurity practices. Now Kaseya is at the center of a massive ransomware attack that has ensnared more than 1,000 companies around the world.

Between 2017 and 2020, employees reported “vast cybersecurity issues” to their superiors, saying Kaseya was using outdated code, implementing poor encryption, and not routinely patching its software and servers, Bloomberg reports. This is according to five former Kaseya employees who spoke with the outlet on condition of anonymity because they had signed nondisclosure agreements or feared retaliation.

Two former employees said they warned executives about vulnerabilities in its old software, Virtual System Administrator (VSA), the system that hackers hijacked to launch this latest attack, which was supposedly so riddled with problems that they wanted it replaced. Kaseya’s customers, companies known as Managed Service Providers or MSPs, provide remote IT services to hundreds of small businesses and use VSA servers to manage and send software updates to those customers.

According to initial reports, hackers gained access to Kaseya’s core infrastructure to send malware disguised as a software update to VSA servers running on customers’ premises. From there, they used the malicious update to install ransomware on every workstation connected to the VSA systems. The REvil ransomware gang, linked to Russia, has claimed credit for this attack and is demanding a ransom of $70 million to unlock all affected computers.

A former employee told Bloomberg that in 2019 he sent Kaseya’s superiors a 40-page memo describing his security concerns, one of many attempts he made during his tenure to convince the company’s executives to resolve these issues. He was fired two weeks later, a move he believes was linked to those efforts, he said in an interview with the outlet. Others quit in frustration after Kaseya appeared to focus on rolling out new product features rather than addressing existing vulnerabilities.

Another former employee claimed that Kaseya stored unencrypted customer passwords on third-party platforms and rarely patched its software or servers. When the company began laying off employees in 2018 to outsource their jobs to Belarus, four of the five workers Bloomberg spoke to said they saw the move as a potential security risk given Russian influence over the country.

Kaseya’s software had even been exploited in ransomware attacks before, at least twice between 2018 and 2019, according to employees. Disconcertingly, that still wasn’t enough to convince the company to rethink its cybersecurity standards.

When contacted to comment on these claims from its former staff, Kaseya provided the following statement to Gizmodo:

“Kaseya focuses on the customers who have been affected and the people who have real data and are trying to get to the bottom of it, not the random speculation of former employees or the world.”

Nonetheless, hackers have exploited vulnerabilities similar to those described here to launch large-scale attacks before, so the employees’ claims are not that hard to believe. In December, SolarWinds was also targeted in a supply chain attack, that is, an attack in which hackers exploit security holes in third-party software vendors to target their customers. As many as 18,000 of its clients were compromised, including many large US federal agencies and businesses.
