Andreas Fuchs

Product Strategy

Recent Posts

5 min read

Could the Kaseya VSA supply chain ransomware attack have been prevented?

By Andreas Fuchs on Jul 12, 2021 2:20:18 PM

The background story is that despite the existence of the Kaseya vulnerability, a decent endpoint security solution could have provided better outcome. Because in the worst case, the malware could have been installed, but the security solution would have prevented its execution - and thus also the encryption of the endpoints.

The media recently reported that a hacker attack via IT service provider Kaseya affects thousands of companies. reported “attackers managed to compromise the vendor's software to push a malicious update to thousands of customers. (…) an estimated 1,000 companies have had servers and workstations encrypted. The vendor added that it is reasonable to suggest "thousands of small businesses" may have been impacted. (…) The cyberattack has been attributed to the REvil/Sodinikibi ransomware group who have ties to Russia, which has claimed responsibility on its Dark Web leak site, "Happy Blog."”.

This shows that the attack hit companies of all sizes, as well as across multiple verticals. So, irrespective of the budget or vertical, everyone is vulnerable.

At the time of an attack in a zero-day exploit - i.e. a targeted exploitation of a known or unknown vulnerability in a piece of software - we know nothing about the attack tactics or the attack vectors. But we know that we have to protect ourselves against the unknown. Therefore, I am not so much concerned with the vulnerability in the Kaseya infrastructure per se, but rather with how we can successfully prevent the exploitation of all vulnerabilities and thus allow companies to be secure.

Through a simplified summary of the somewhat complex process I would like to show where DriveLock solutions could have helped to avoid the attacks.
For the following sections I refer to the Sophos News website.

REvil was able to deploy and run its dropper locally to all customers’ endpoints without testing through the Kaseya agent. Certain directories on the endpoint are deliberately and intentionally ignored by the Kaseya agent through exclusions. This opened the way for a malicious payload agent.crt file to be written to the VSA agent's working directory for updates. After deploying the payload, the Kaseya agent then executed the following Windows shell commands concatenated into a single string:

Continue Reading
4 min read

EDR - the Sherlock Holmes of cyber security

By Andreas Fuchs on Jun 2, 2020 11:00:00 AM

Source: iStock

On the trail towards EDR

In our last blog post "Silent hacker attacks and the need for detection mechanisms" we talked about covert cyber attacks and the need for detection tools. Now we would like to present a typical Endpoint detection and response solution with its building blocks.

Continue Reading
3 min read

Silent hacker attacks and the need for detection mechanisms

By Andreas Fuchs on May 26, 2020 2:00:00 AM

Again and again, we read about hacking incidents where attackers can spy on a company, an authority or a ministry and remain unnoticed for months without affecting the systems.

Continue Reading
3 min read

IT security in 6 steps with Zero Trust

By Andreas Fuchs on Jan 24, 2020 3:35:53 PM

source: iStock
The major strategic objective of cyber security in the digital age is to combat and contain privacy violations. A company's data is its most valuable asset that must be protected.
In the last blog post "What elements does a ZERO trust model consist of" we talked about the pillars of a Zero Trust architecture. In this article, we explain step by step how to implement Zero Trust in your company.
Continue Reading
3 min read

What elements does a ZERO trust model consist of?

By Andreas Fuchs on Dec 3, 2019 5:11:01 PM

The major strategic goal of cyber security in the digital age is to combat and mitigate data breaches. A company's data is its most valuable asset to protect.

In the last blog post "This is how IT security works with Zero Trust today" we talked about what Zero Trust is and the rationality behind it.

Continue Reading
5 min read

This is how IT security works with Zero Trust today

By Andreas Fuchs on Nov 20, 2019 7:51:35 PM

Source: Cecile Arcurs | iStock

Why today's IT security architectures should be designed according to the ZERO TRUST model

Continue Reading
3 min read

Extortion becomes the new normal for Cybercrime

By Andreas Fuchs on Jan 25, 2019 8:58:00 AM

In 2017, WannaCry Ransomware spread to 100 countries over a weekend. Don't expect patching to stop the business model of digital blackmail. Be prepared!

Continue Reading