Another Day, Another Hack Via a Private Equity Owned Software Firm
This time it's Insight Partners and its portfolio software firm Kaseya, whose product allowed 200 corporations to get hacked on July 4th weekend.
Welcome to BIG, a newsletter on the politics of monopoly power.
First it was PE-owned SolarWinds that let hackers break into large companies and the Federal government, including our nuclear weapons facilities. Then it was PE-owned Pulse Connect Secure that let hackers take over New York subway systems. What they don’t cut in terms of security spending they offshore, purely to generate cash.
And here we go again.
A successful ransomware attack on a single company has spread to at least 200 organizations, according to cybersecurity firm Huntress Labs, making it one of the single largest criminal ransomware sprees in history.
The attack, first revealed Friday afternoon, is believed to be affiliated with the prolific ransomware gang REvil and perpetuated through Kaseya, an international company that remotely controls programs for companies that, in turn, manage internet services for businesses.
Kaseya is owned by the private equity firm Insight Partners, and Glassdoor reviews are full of the standard ‘they don’t invest in R&D and customer relationships’ type of boiler room anger that is common with firms like this. Kaseya also has over 100 employees in Belarus, largely doing software development and testing. Offshoring security to a nation so closely intertwined with the Russian economy is… not wise.
The notion that the problem is the existence of attackers and not the undersecured, high value commodity being stolen/compromised is very fraught.
I am also shocked that somehow stereotyping all bad hackers as Russian is not flagged as being prejudicial.
Lastly, just how beneficial would it be to throw experienced Eastern European software developers out of work by categorically "going non-Russian"? Surely they would all just gravitate towards being baristas? After all - if the hacker is Romanian - they're Russian. If they're Ukrainian, they're Russian. If they're Polish, they're Russian. The list goes on and on.
The right to profit no matter the societal cost. That’s how a shithole — a failed state — rolls.