Until We Get Better at Trusted Environments, Attacks Like Kaseya Will Continue

Go ask a Cybersecurity professional to explain how a digital certificate works, and how it protects the privacy of the user and proves the identity of the Web site. If they can explain it, that’s great. If not, be worried. And go ask a software developer about the technical methods used to sign and prove digital libraries and API connections, and if they can explain these, then all is good. Unfortunately, it is not all rosy. I have observed a general lack of knowledge in the core of the trust and security on the Internet: PKI.

But, why is this so important? Well, we too often dwell on the after effects of a security incident, but not on how to be secure by design. And it is digital certificates and breaches of the trust infrastructure that can cause considerable damage within the industry. In Solarwinds, the intruders managed to find a digital certificate the private key that was used to sign their applications, and thus was used to compile a new version with a backdoor, and then for the application to be signed with a trusted key.

The initial details of the intrusion of the Kaseya attack (which started on 1 July 2021) have now been published here. Unlike the reports on it being a supply chain attack, it was actually an attack on Kaseya internet-facing servers. Overall the intruders…