Kaseya’s MSP customers
REvil’s Sodinokibi
Widespread
$70+M Ransoms
Zero-Day Exploit in Supply Chain Software
Implicit Trust in Supply Chain Software
Network Cloaking
The 2021 Kaseya VSA attack was a devastating supply chain compromise in which the REvil group exploited zero-day vulnerabilities in the Kaseya VSA software to gain access to vulnerable, internet-facing VSA servers. This managed service provider (MSP) tool was granted high levels of implicit trust across thousands of client networks.
The attackers leveraged zero-day exploits to upload malware and distribute a malicious update (posing as a legitimate hotfix) to client environments, deploying the ransomware payload in a single step. This incident exploited the standard industry practice of granting significant, broad, and implicit trust to third-party software and vendors.
Traditional security models fail when the software itself is compromised. BlastWave mitigates this risk by enforcing Identity-Defined Microsegmentation (IDM) across all vendor- and supply-chain-related software communications.
First, the VSA servers would have been cloaked and undiscoverable on the Internet, ensuring the attack is blocked at the first attempt to breach the Zero Trust boundary. Second, in an OT environment, patches are generally not pushed immediately, a practice that is even more common in cloaked environments due to BlastShield’s virtual air gap.
Reading about past failures is only useful if it changes future outcomes. If attackers can see your OT network, they can target it. If they can target it, compliance, safety, and uptime are already at risk.
BlastWave eliminates reconnaissance, initial access, and lateral movement — without agents, without downtime, and without changing IPs, protocols, or PLCs.