Kaseya was warned of security flaws several years before the ransomware attack
The giant ransomware attack against Kaseya could have been avoided entirely. Former staff speaking to Bloomberg claimed that they had repeatedly warned managers about “critical” security flaws in Kaseya’s products between 2017 and 2020, but that the company had not actually addressed them. More than a dozen workers were fired over the inaction, they said.
Employees reportedly complained that Kaseya used old code, applied poor encryption, and did not even patch its software on a regular basis. The company’s Virtual System Manager (VSA), which fell victim to the ransomware, faced a number of problems that required employees to change the software.
An employee claimed he was fired two weeks after sending a 40-page briefing to managers about security concerns. Others were frustrated by the focus on new features and releases instead of simply fixing major problems. Kaseya laid off some workers in 2018 in favor of moving their work to Belarus, which was considered a security risk given local leaders' partnership with the Russian government.
Kaseya declined to comment.
The company showed signs of wanting to fix the problems. It fixed some problems after Dutch researchers pointed out vulnerabilities. However, it didn’t fix everything, and it wasn’t long before analysis companies such as Truesec found significant flaws in the Kaseya platform. This was not the first time Kaseya had faced security problems. The company's software was reportedly used to launch ransomware at least twice between 2018 and 2019, and the company did not significantly rethink its security strategy.
However accurate the reports are, Kaseya’s situation would not be unprecedented. Staff at SolarWinds, Twitter and other companies have described security vulnerabilities that were not addressed in a timely manner. That only makes the situation worse, mind you. Key parts of America’s online infrastructure are vulnerable because of neglect, and these major missteps are all too common.