Information on Kaseya Breach

July 23, 2021, 2:00 pm

All systems are back up. We consider this issue closed and will continue to monitor and perform various tests on the system.
If you have any questions please reach out to our team.

July 20, 2021, 9:00 am

After an extensive amount of testing, we have begun to bring our server back online. We feel comfortable with the improvements Kaseya has made and the amount of testing that has taken place with ourselves and our partners. We will be monitoring all items extremely closely during the next few weeks and will continue to perform various tests on the system. If we have any questions or concerns, our first action will be to take the server offline again as a precaution. At this time we do not expect any further interruptions.

If you have any questions please reach out to our team.

July 19, 2021, 8:00 am

It looks like waiting to bring the server back online was the correct decision. Over the weekend Kaseya has notified its partners that it is still releasing updates to its patch. While Kaseya is in the process of updating its patch, we feel it is the safest option to keep our server offline. The updates are more on functionality than security; however, we still feel it is the safest option to keep the server offline until all of the updates have been well vetted.
We will continue to monitor the status.

July 16, 2021, 9:00 am

We have begun the process of patching the Kaseya server. We are taking a very slow and meticulous approach by making backups of the server during each step. This is more than Kaseya is recommending, but we prefer to be cautious in our approach. Our preparation before this event has allowed us this benefit.

July 14, 2021, 8:00 am

After several days of testing, Kaseya has released a patch to their software. As stated previously, we have decided to wait on applying the patch and bringing our servers back online. We currently have been utilizing other means of support which allowed us the ability to be more cautious and selective on our spin-up.

At this time, we will begin to apply the patches one at a time and monitor the effects each has. We expect to finish this process by the end of the day today and bring the server back online. If we see any signs of any issues at all we will halt all processes.

July 12, 2021, 9:00 am

As we continue to monitor the situation, we are keeping our monitoring software shut down for the time being. We will continue with our alternate means to deliver support to our clients.

July 11, 2021, 12:30 pm

We are continuing to monitor the situation. We will continue to keep our monitoring software shut down for the time being.

July 8, 2021, 2:00 pm

We continue to monitor the situation and will continue to scan our network. Our systems look to be unaffected based on the current information available. Out of an abundance of caution, we will continue to keep our monitoring software shut down for the time being.

July 6, 2021, 9:00 am

It was a much busier holiday weekend than we anticipated.

Kaseya has been delivering press releases throughout the weekend but in the end, they have not delivered any big news regarding how the breach happened or the availability of a patch.

Kaseya did release a tool over the weekend to scan servers and see if they were impacted. We utilized our offsite replication and brought up the server in a “Sandbox” mode. We ran the scan, and our servers came up clean. As they release more tools we will continue to utilize them.

In an abundance of caution, our servers will remain offline long after the patch is available. We plan on leaving our servers offline until we are comfortable that it is safe to bring them online. We have already decided that this will be long after the patch is available and deployed.

We took extra security measures years ago on our servers that others did not. These extra security measures required our staff and vendors to go through extra security steps to access our toolsets. We do not yet know how the bad guys were able to get in but we suspect our security steps helped keep our exposure down.

How am I impacted?

We talk to our clients about redundancy, and we practice it internally. As part of our disaster recovery planning, no one tool is critical to what we do, and we have redundancy and backup plans for any one of our tools when we do not have access to them.

We will not have automatic access to your PCs or servers during this downtime. However, as stated above, we already had alternate means to deliver support to our clients. This may require more interaction with your users to gain access to your system than normal.

Do I need to do anything?

Currently, everyone is just waiting for Kaseya to release patch information.

What happened

In general, Kaseya was the victim of a cyberattack. This in turn affected a limited number of their clients. They have not released much detail beyond that. It is not uncommon for the details to be kept close to the vest before a patch is available. However, everyone, including ourselves, is anxious to learn the details so we can in turn learn from the experience.

How did they get in?

That is the question all of us want to know. They have stated in several press releases and on Good Morning America that they know how the bad guys got in, but they have not released that info yet. I am hoping this is because they do not want to let others know the security flaw until it is patched, which is understandable.

Is this a big deal?

Yes, for some. Kaseya is reporting about 1500 companies have been affected by this attack.

How long it is taking Kaseya to deliver a patch for their program would tell us this was a pretty deep vulnerability.

More importantly, it shows that every company is vulnerable in some way, and we all have to do everything we can to keep mitigating this risk. The big thing we are waiting for from Kaseya is how they were exploited, so we can learn from it.

July 2, 2021, 3:15 pm

We have been made aware that there has been a security compromise to a toolset used in our industry made by Kaseya. Currently, the issue is limited to a small number of Kaseya’s clients. We have scanned our network and confirmed at this time that our systems are unaffected based on the current information available. Out of an abundance of caution, we have decided to shut down our monitoring software.

We will continue to monitor the situation and take all necessary steps.