Net Friends' Response to the Kaseya Breach

Post by
John Snyder

A Message from Net Friends CEO on the Kaseya Breach:

Hi, I’m John Snyder, CEO of Net Friends. As a Net Friends customer, you may be wondering about Friday’s breaking news that several IT managed service providers, and hundreds of their customers, have been attacked by a ransomware group. The software that was compromised in the attack is called Kaseya VSA. I can assure you that Net Friends does not use Kaseya products in any way. To our knowledge, your business has no exposure to this attack.

The group behind the attack, called “REvil,” has been on our watch list for some time. We conducted a case study on them in the recent past, and at the time, we knew they sometimes use a compromised workstation management agent to inject ransomware onto victim machines. Around 3:45pm on Friday, July 2, we received a welcome tip from our good friends at Huntress Labs, a fellow cybersecurity firm who broke the story and first detected the attacks. They were calling us even though we don’t do business together just to try to be good members of the cybersecurity community and to make sure we were aware of what was happening. Just to be on the safe side, after we received the tip we mobilized our teams late on Friday and confirmed that we saw no indicators of compromise on any systems we support.

We’ve been continuing to closely monitor our systems as well as following this story all weekend. Stepping back from the immediate issue, we’ve been thinking about how we see a real pattern here with these types of attacks. What seems to have happened here is that a trusted tool used by knowledgeable IT teams was compromised somehow upstream. From what we can tell, the managed services providers who were hit did everything right on their end. This is making us think critically about the tools we are using to support your systems and rethink our overall approach for providing remote monitoring and management (RMM) of the systems you have entrusted to our care.

This internal review process is vitally important and something we take very seriously. One recent example of how this internal review can bring about change: we revamped our antivirus tools to transition your business system protections to the best-of-breed tool Cortex-XDR earlier this year. We will continue to evolve and adapt to try to stay as many steps ahead of the bad guys as possible.

In the days ahead, we will begin a pilot program to see if we can provide the same or even better support without traditional RMM tools. There will be costs that Net Friends will incur and absorb during this transition that we will not pass on to you. Instead, we see that we have little choice but to continue to innovate and adapt to thwart these novel threats. We really feel that this is a wake-up call for us. We’ve seen multiple examples of how RMM tools have been used in attacks: ConnectWise RMM tools were leveraged three times since 2019 for similar attacks, SolarWinds Orion was compromised and leveraged for attacks in 2020, and now we are seeing a similar situation here with Kaseya VSA.

You do not need to do anything at this time. Just know that we at Net Friends are taking action in light of the attacks we are seeing becoming more and more common. These attacks change our assessment of risks for the tools we are using, and we want to change our tactics so both of us can avoid a devastating ransomware attack.

Thank you for reading and for trusting Net Friends with your IT support, IT security, and IT strategy.
