A massive blackmail virus attack on Kaseya might have been completely avoided. Former employees who told Bloomberg say they warned executives several times between 2017 and 2020 about “critical” safety flaws in Kaseya’s products, but the company didn’t address them on the merits. Several employees either resigned or said they were fired in the midst of inaction.
Employees allegedly complained that Kaseya was using old code, performing poor encryption, and even routinely patching software. he failed. The company’s Virtual System Administrator (VSA) remote maintenance tool fell victim to the extortion virus. The VSA allegedly had enough problems to require workers to replace the software.
One employee said he was fired two weeks after he sent managers a 40-page security bulletin. . Others simply left because in their frustration, they seemed to focus on new features and versions instead of solving basic problems. Kaseya also laid off some employees in 2018 due to the outsourcing of work to Belarus, which was considered a security risk by some employees due to the partnership between local leaders and the Russian government.
Although the company gave a signal that he wants to fix the problems and who has fixed some things after Dutch researchers pointed out the vulnerabilities. However, not everything was remedied and it didn’t take long for analytics firms like Truesec to find glaring bugs in Kaseya’s platform. This is not the first time Kaseya has faced security challenges. The company’s software is said to have been used at least twice to launch blackmail programs between 2018 and 2019. The company did not significantly rethink its security strategy.
However, Kaseya’s situation is not unique. Employees of other large IT service companies also reported security vulnerabilities that were not corrected in a timely manner. According to Egngadget, this suggests that key parts of the U.S. online infrastructure are vulnerable to negligence and that these fundamental flaws are all too common.
Hardware, software, tests, curiosities, and colorful news in IT by clicking here
