queries. It’s an old technique that Mellen said
has been considered a “solved problem” in the
cybersecurity world for a decade.
“It points to a chronic product security issue in
Kaseya’s software that remains unaddressed
seven years later,” she said. “When organizations
choose to brush over security challenges, the
incidents continue, and, as in this case, get worse.”
Kaseya has noted that it’s long been a target
because many of its direct customers are
“managed-services providers” that host IT
infrastructure for hundreds, if not thousands, of
other businesses.
“In the business we’re in, and the number of
endpoints we manage around the world, as
you might expect, we take security extremely
seriously,” Ronan Kirby, president of the
company’s European operations, said at a
Belgian cybersecurity conference. “You attack
a company, you get into the company. You
attack a service provider, you get into all their
customers. You get into Kaseya, that’s a very
different proposition. So obviously we’re an
attractive target.”
Kaseya declined to answer questions from the
press about the previous hacks or the legal
dispute involving its founders.
Mark Sutherland and Paul Wong co-founded
Kaseya in California in 2000. They had previously
worked together on a project protecting the
email accounts of U.S. intelligence workers at
the National Security Agency, according to an
account on the company’s website.
But more than a year after selling Kaseya in
June 2013, court records show that Sutherland,
Wong and two other former top executives sued