Supply chain attacks could be a growing problem for telcos
Managing customer networks and the security that is necessary to go around them is complicated, which is why some companies outsource the work to experts, but business technology journalist Antony Savvas warns that ‘outsourcing a problem’ doesn’t always work.
A company called Kaseya, which very few people had probably heard of, became the centre of attention over the last week after its networking and security management software infected or potentially exposed thousands of its customers to ransomware.
It’s a company I have followed for years as a result of covering the market growth of managed service providers (MSPs) in apps, networks and telecoms. These MSPs need efficient ways to manage the software and services they distribute and manage on behalf of their partners and end customers.
They go to international vendors like Kaseya to get the automated systems needed, but not software loaded with ransomware that locks up customer systems.
But a week ago, last Friday 2nd July, that’s exactly what happened. The really dangerous thing about this attack is that it didn’t take many actors to spread it.
According to Kaseya, no more than 60 MSPs who use its VSA remote monitoring and management (RMM) product were affected. But in turn they managed to potentially expose many, many thousands of end customers to ransomware and having their systems frozen, as part of the so-called supply chain attack.
The fact that many many thousands do not seem to have had their data locked is perhaps down to a combination of customer security systems that kicked in, luck and relatively quick instructions from Kaseya to close down servers exposed to the rogue software.
Closing down the servers though meant many organisations couldn’t manage their business systems effectively and potentially led to other problems. Days into the attack, Kaseya claimed no more than 800 to 1,500 end customers were affected by the attack in one form or another.
The problem, however, has still not been sorted out. The company says it will not have full patches and be able to securely start up VSA again to enable the management of customer systems until Sunday 11th July nine days after the attack!
Bearing in mind the infamous global BlackBerry outage from 2011 which basically destroyed the company in terms of customer confidence lasted four days, this isn’t exactly speedy remediation for MSPs’ partners and customers.
One also has to remember this isn’t the only time something similar has happened in the MSP space. At the back end of last year, MSP software provider SolarWinds also distributed rogue software to its customers, which enabled hackers to roam around freely on customer networks stealing sensitive data at leisure. This included hacked US government agencies and the customer support systems of Microsoft.
With the advent of 5G, the Internet of Things (IoT) and edge network services generally, networks are getting more complicated and cyber attacks and fraud attempts on telcos are getting more frequent. It’s important that communication service providers not only keep a watchful eye on their internal systems, but maybe consider that ‘outsourcing a problem’ further up the supply chain doesn’t always work either.
Being a telco executive can no doubt be a rewarding job, including the opportunity to travel, live in other countries and help deliver the cutting-edge technologies that can maybe help less developed countries catch up with richer ones.
It’s a rare occurrence, however, that technology executives are seen by the governments of the countries they are effectively trying to help as public stooges. Yet that’s exactly how the military junta of Myanmar (formerly called Burma) sees it.
Yes, networks and telecoms have always had backdoors used by governments of every shade to spy on their citizens, either in a highly targeted way or a blanket way, but they have generally showed a bit of class about it either claiming they only do it in a very limited way to watch small numbers of potential miscreants or not commenting about the subject at all.
But the junta in Myanmar is a bit sore at the fact that it doesn’t have the wholesale cooperation of foreign telco executives in its spying operations and has ordered them not to leave the country until they give it the capability to do so.
That’s a pretty crap military junta and smacks of old men and that’s what they mainly are not being able to keep up with technology, while they murder their youngest and most tech-savvy citizens on the streets. And, at the same time, they hunt down telco executives who were only trying to help bring Myanmar into the 21st century in return for relatively slim margins.
Their actions will kill major investment into the country going forward, illustrated by the fact that Telenor of Norway has just sold up in the country in response to the threats, after only entering the market in 2014. Ooredoo of Qatar is also believed to be weighing up its options.
Sigve Brekke, president and CEO of Telenor Group, said, “The situation in Myanmar has over the past months become increasingly challenging for Telenor for people security, regulatory and compliance reasons. We have evaluated all options and believe a sale of the company is the best possible solution in this situation.”
He added, “Telenor entered Myanmar because we believed that access to affordable mobile services would support the country’s development and growth.”
Good intentions aren’t always rewarded, but good on Brekke.
The recently held Mobile World Congress in Barcelona (also see: Telcos’ anger will only be curbed by regulatory action) is said to have attracted more than 20,000 in-person visitors and around 100,000 virtual visitors from 165 countries, according to the organiser, GSMA.
Last year’s event was cancelled totally because of the pandemic and the GSMA wanted to demonstrate how a hybrid event could be staged, while also putting some much-needed cash into its back pocket.
While the in-person figure is well down on the 109,000 visitors that attended in 2019, those behind the show and those who want to attend in the future will be encouraged by forward bookings for the next event, that isn’t far away.
MWC22 Barcelona returns on 28 February and has already seen physical stand space booked by the likes of Samsung, Ericsson, Nokia, Qualcomm and ZTE all companies that cancelled or curtailed their physical presence at the show this year.
The author is Antony Savvas, a global freelance business technology journalist.