Saturday, July 10, 2021

#CANCELTOKYOOLYMPICS

Factbox-Olympics-Money, money, money: the cost of Tokyo’s pandemic-delayed Games

FILE PHOTO: The logo of Tokyo 2020 Olympic Games is seen through signboards, in Toky

TOKYO (Reuters) – Despite public opposition in Japan over fears of new coronavirus surges, the Tokyo Olympic Games that were postponed last year will get under way on July 23, with spectators now barred from all events.

The delay and crowd restrictions on the Games, which will end on Aug. 8, have been expensive in various ways. Here are some areas where costs have grown, and where income that had been expected will not materialise.

OLYMPIC COSTS

Organisers said last December that the entire cost of holding the Games would be about $15.4 billion, including $2.8 billion for the unprecedented postponement from 2020. Since then, the projected bill for postponement has risen to $3 billion.

Organisers initially sold some 4.48 million tickets and the government had expected a tourism windfall, before first overseas visitors and then domestic spectators were ruled out.

Ticket revenues had initially been expected at about 90 billion yen ($815 million) but will now drop to virtually nothing.

SPONSORS

More than 60 Japanese companies together paid a record of more than $3 billion to sponsor the Games. Sponsors paid another $200 million to extend contracts after the Olympics were postponed.

That does not include partnerships with Japanese companies Toyota, Bridgestone, and Panasonic, and others such as South Korea’s Samsung, which through a separate programme for top-tier sponsors have separate deals with the International Olympic Committee (IOC) worth hundreds of millions of dollars.

INSURANCE

Although the cancellation scenario is looking less likely by the day, global insurers would face a hefty bill should that happen, with estimates running to a loss of up to $3 billion.

The IOC takes out about $800 million of protection for each Summer Games, which covers most of the roughly $1 billion investment it makes in each host city.

Organisers in Tokyo will have taken out a further policy, estimated at about $650 million.

Analysts with financial services firm Jefferies estimate the insured cost of the 2020 Olympics at $2 billion, including TV rights and sponsorship, plus $600 million for hospitality.

MEDIA

Broadcaster NBCUniversal had reaped a record $1.25 billion in U.S. national advertising spending for the Games before they were postponed in 2020 and has spent the past year trying to get sponsors to support them again this year, entertainment business magazine Variety reported.

NBCUniversal’s parent company Comcast agreed to pay $4.38 billion for U.S. media rights to four Olympics from 2014 to 2020, it added.

Discovery Communications, the parent of television channel Eurosport, has agreed to pay 1.3 billion euros ($1.4 billion) to screen the Olympics from 2018 to 2024 across Europe.

HIT TO THE ECONOMY

The Olympics were originally expected to be a huge tourist draw, but banning foreign spectators put paid to hopes of an early recovery in inbound tourism, frozen since last year.

In 2019, Japan hosted 31.9 million foreign visitors, who spent nearly 4.81 trillion yen ($44 billion). Numbers plunged 87% in 2020 to just 4.1 million, a 22-year low.

Though highly unlikely now, a full cancellation would mean lost stimulus of 1.8 trillion yen, or 0.33% of gross domestic product (GDP), the Nomura Research Institute said in a recent report.

But Nomura Research Institute executive economist Takahide Kiuchi said that loss would pale in comparison with the economic hit from emergency curbs if the Games turned into a coronavirus super-spreader event.

“If the (Olympic Games) trigger the spread of infections and necessitate another emergency declaration, then the economic loss would be much greater,” Kiuchi said.

($1 = 110.4000 yen)

(Reporting by Elaine Lies; Editing by Lincoln Feast.)


Oman: Will the Protests and Covid-19 Lead to Structural Economic Reform?

The recent protests and the effects of the pandemic have emphasized the need to expedite structural economic reforms.



FATMA AL-ARIMI
July 07, 2021

The onset of the Covid-19 pandemic coincided with the beginning of Sultan Haitham Bin Tariq’s reign in January 2020. In his second speech, Sultan Haitham stressed the need for streamlining procedures, fighting corruption, and improving governance, integrity, and accountability as well as restructuring the state’s administrative apparatus and modernizing its legislation. The transfer of power was seen as an opportunity to revive Oman’s economy, most importantly by restoring the balance among the government, private sector, and civil society. More recently, protests across Oman have reignited the push for a better economic situation with one clear demand: employment.

Although the country adopted Oman Vision 2040, a long-term strategic plan with economic and social goals, the government needed an emergency mid-term financial plan to alleviate current fiscal issues and to pave the way for the vision's implementation.1 In September 2019, the government began working on a fiscal plan to address Oman’s economic challenges, especially those that arose during the country’s ninth five-year plan. The key problem was the expansion of the administrative apparatus during the last few years of the late Sultan Qaboos’ reign, when he passed many tasks off to people whom he trusted to run the affairs of the state. The first draft of the Medium-Term Fiscal Plan (MTFP), referred to as Tawazon (“Balance”), was presented to Sultan Haitham in February 2020.2 However, the effects of the pandemic were not felt until the end of the first quarter of 2020, so the plan did not include any measures to address related economic challenges. As a result, a new objective was added to the plan, which aimed to balance the state budget in light of historic challenges and included steps to account for the financial impact of the pandemic while still achieving the outlined goals within the envisioned timeline.3

Despite having a plan, the government was not able to mitigate the effects of the pandemic on the economy. The impacts infiltrated the economy and drained liquidity from the private sector, lowered the morale of the public sector, and eliminated jobs for locals. The government suspended privileges of senior state officials, retired 70 percent of its tenured employees, abolished or merged several councils and ministries, and revised government contracts. Such measures, which put government spending on a strict diet, negatively affected the flow of capital to a government-driven economy and played out in the private sector. The effects were seen most at the small and medium enterprise level because of several shutdowns as well as the suspension or cancellation of government projects.

Thus, the government’s attempts to mitigate the effects of the pandemic actually exacerbated the economic situation, making clear that the government needed to find a way to balance competing priorities and needs. On one hand, the government must continue to reduce government spending and boost revenues if it wants to meet the goals set forth in the fiscal plan as well as Oman Vision 2040. On the other hand, it needs to strengthen and broaden the social security system to mitigate a higher unemployment rate as well as the effects on the population of the gradual lifting of subsidies for electricity and water and the introduction of a value-added tax (VAT) that came into effect this year.

In an attempt to address continued economic decline, a new economic stimulus plan was announced in March 2021. The plan enabled the government to grant tax exemptions, banking facilities, and preferential measures to large investors in the sectors targeted for economic diversification in the current five-year plan.

Despite the attempt to stimulate economic growth, challenges related to employment still remain. Government promises of employment, vocational training, and work opportunities have clearly done little to help, as official data show continued high unemployment, an indicator of an economic slowdown.4 As the government aims to streamline the administrative structure, the number of Omanis in the public sector is declining. The civil unrest in May 2021 resulted in royal orders to increase job opportunities in the public and private sectors. However, it seems that the government only intends to replace essential public sector employees while relying on the private sector to create most jobs.

Not only will these changes take time to produce positive results, but the transformation of Oman’s economy will not be complete until the relationship among the government, the private sector, and civil society is rebalanced. The current relationship is not conducive to propelling Oman’s economy to the envisioned success. Facing a dire need for more private sector investment and employment, the government is under pressure to better its relationship with the private sector and provide incentives for collaboration. The private sector is expecting the government to put a leash on the growing number of State-Owned Enterprises (SOEs) that were established over the past decade. Additionally, the private sector is demanding that its input be reflected in the government’s decisions and not merely used for show in a superficial demonstration of partnership. This happened in 2016 when the government launched an economic diversification scheme (Tanfeedh) with hundreds of private sector representatives. Participants’ optimism faded quickly, however, as most of what was agreed on has yet to be implemented.

On the civil society level, citizens have yet to feel that they are a part of the decision-making process. As the government moves to enact more legislation that directly affects citizens, the public’s demands to be more engaged in the policy process have increased. Representation of citizens’ demands is crucial to achieving Oman’s economic goals because of the significant role citizens play in revenue generation for the economy. Additionally, not only will citizens’ participation help strengthen the middle class, but it will also increase its trust of the government.

The new Sultan has acknowledged the need to rebalance the relationship among the government, private sector, and civil society by presenting new expectations for a symbiotic working relationship that is based on each side playing its part. If Oman is to improve its economic situation and meet the goals of Oman Vision 2040, distrust among the three parties cannot continue as it has over the last few decades and each party must meet its outlined expectations. Only time will tell if these newly remodeled partnerships will last and bring about the change needed.


Fatma al-Arimi is an Omani journalist and the managing director at The Media Centre (TMC).

NOTES

1 Work on the Vision 2040 draft was supervised by Haitham Bin Tariq from 2013, years before he became Sultan. In December 2020, Haitham, now Sultan, approved the vision.

2 Arabic source: Nasser al-Jashmi, secretary-general of Oman's Ministry of Finance, in an interview with state TV.

3 These challenges accumulated over time. The financial challenges were already present in 2011, became clearer in 2015, and the government began addressing them by initiating Tanfeedh in 2016 and Tawazon in 2019.

4 According to the monthly statistical bulletins issued by the National Center for Statistics and Information (NCSI), the rate of job-seekers increased from 2.1% in May 2020 to 4.9% in May 2021. The number of job security grant recipients doubled between November 2020 and March 2021.


Carnegie does not take institutional positions on public policy issues; the views represented herein are those of the author(s) and do not necessarily reflect the views of Carnegie, its staff, or its trustees.


Biden fires Trump-appointed U.S. Social Security chief after he refuses to resign

By Darlene Superville, The Associated Press
Posted July 9, 2021
In this Tuesday, Oct. 2, 2018, file photo, the Senate Finance Committee holds a hearing on the nomination of Andrew Saul to be commissioner of the Social Security Administration, on Capitol Hill in Washington. On Friday, July 9, 2021, President Joe Biden fired Social Security Administration Commissioner Saul after Saul refused to resign, and accepted the deputy commissioner's resignation, the White House said. (AP Photo/J. Scott Applewhite, File).

U.S. President Joe Biden on Friday fired the commissioner of Social Security after the official refused to resign, and Biden accepted the deputy commissioner’s resignation, the White House said.


Biden asked commissioner Andrew Saul to resign, and his employment was terminated after he refused the Democratic president’s request, a White House official said.

Deputy Commissioner David Black agreed to resign, said the official, who spoke on condition of anonymity to discuss personnel matters.

Both officials had been put in place under President Donald Trump, a Republican.

Biden named Kilolo Kijakazi as acting commissioner while the administration conducts a search for a permanent commissioner and deputy commissioner.

Kijakazi currently is the deputy commissioner for retirement and disability policy at the Social Security Administration.

Saul’s removal followed a Justice Department legal opinion that found he could be removed, despite a statute that says he could only be fired for neglecting his duties or malfeasance.

The opinion — researched at the request of the White House — concluded that a reevaluation because of a recent Supreme Court ruling meant that Saul could be fired by the president at will.

Biden’s move got immediate support from the Democratic senator who would be in charge of confirming a successor to Saul. Republican lawmakers accused Biden of politicizing the agency and pointed to Saul’s confirmation by a bipartisan Senate vote in 2019.

Senate Finance Committee Chairman Ron Wyden, D-Ore., said in a statement that “every president should choose the personnel that will best carry out their vision for the country.

“To fulfill President Biden’s bold vision for improving and expanding Social Security, he needs his people in charge,” Wyden added, pledging to work to confirm a new commissioner “as swiftly as possible.”

Rep. Bill Pascrell, D-N.J., who several months ago began demanding the ouster of Saul and Black, celebrated their Friday firings.

“Social Security is in deep trouble,” Pascrell said.



Sen. Mike Crapo of Idaho, the top Republican on the finance committee, and Rep. Kevin Brady of Texas, the top Republican on the House Ways and Means Committee, issued a joint statement calling Biden’s decision “disappointing.” The pair claimed “Social Security beneficiaries stand the most to lose from President Biden’s partisan decision to remove Commissioner Andrew Saul.”

Senate Minority Leader Mitch McConnell, R-Ky., called the personnel move an “unprecedented and dangerous politicization of the Social Security Administration.”



The agency, headquartered in Baltimore, pays benefits, funded by a tax on wages paid by employers and employees, to about 64 million people, including retirees, children, widows and widowers, according to its website. The agency has a staff of about 60,000 employees.

Saul was confirmed by a Senate vote of 77-16 in 2019 to a six-year term that would have expired in January 2025, tweeted Sen. Chuck Grassley, R-Iowa.

The labor union that represents Social Security employees also welcomed the firings.

Ralph de Juliis, spokesperson for the American Federation of Government Employees SSA General Committee and Council 220 President, said employee morale and agency operations had suffered under Saul and Black’s leadership.

“President Biden made the right call to send these Trump appointees packing,” de Juliis said.

Associated Press writer Mike Balsamo contributed to this report.

More competition: Biden signs order targeting big business


President Joe Biden signed an executive order on Friday targeting what he labeled anticompetitive practices in tech, health care and other parts of the economy, declaring it would fortify an American ideal “that true capitalism depends on fair and open competition."

The sweeping order includes 72 actions and recommendations that Biden said would lower prices for families, increase wages for workers and promote innovation and faster economic growth. However, new regulations that agencies may write to translate his policy into rules could trigger major legal battles.

The order includes calls for banning or limiting noncompete agreements to help boost wages, allowing rule changes that would pave the way for hearing aids to be sold over the counter at drugstores and banning excessive early termination fees by internet companies. It also calls on the Transportation Department to consider issuing rules requiring airlines to refund fees when baggage is delayed or in-flight services are not provided as advertised.

At a White House signing ceremony, Biden said of some in big business: “Rather than competing for consumers they are consuming their competitors; rather than competing for workers they are finding ways to gain the upper hand on labor."

“Let me be clear: Capitalism without competition isn’t capitalism. It’s exploitation,” he said.

The White House said Biden’s order follows in the tradition of past presidents who took action to slow corporate power. Theodore Roosevelt’s administration broke up powerful trusts that had a grip on huge swaths of the economy, including Standard Oil and J.P. Morgan’s railroads. Franklin D. Roosevelt’s administration stepped up antitrust enforcement in the 1930s.

But experts noted that Biden's sprawling presidential initiative is hardly a mandate on competition.

“This is really more of a blueprint or agenda than a traditional executive order,” said Daniel Crane, a law professor at the University of Michigan who focuses on antitrust. “This is a very broad and ambitious policy agenda for the Biden administration that offers lots of insights on the administration’s direction and priorities, but there could be many a slip between the cup and the lip.”

Biden's order includes a flurry of consumer-pointed initiatives that could potentially lead to new federal regulations, but it also includes plenty of aspirational language that simply encourages agencies to take action meant to bolster worker and consumer protections.

Business and trade groups quickly expressed opposition, arguing that the order would stifle economic growth just as the U.S. economy is recovering from the coronavirus pandemic.

“Some of the actions announced today are solutions in search of a problem,” said Jay Timmons, president and CEO of the National Association of Manufacturers. “They threaten to undo our progress by undermining free markets and are premised on the false notion that our workers are not positioned for success.”

The order seeks to address noncompete clauses — an issue affecting some 36 million to 60 million Americans, according to the White House — by encouraging the Federal Trade Commission to ban or limit such agreements, ban unnecessary occupational licensing restrictions and strengthen antitrust guidance to prevent employers from collaborating to suppress wages or reduce benefits by sharing wage and benefit information with one another.

Noncompete agreements often stop workers in a variety of industries from going to other employers for higher pay. Biden noted that in some states even fast food franchises include such clauses for low-wage workers.

“Come on, are there trade secrets about what’s inside the patty?” Biden said.

The order also takes aim at tech giants Facebook, Google, Apple and Amazon by calling for greater scrutiny of mergers, “especially by dominant internet platforms, with particular attention to the acquisition of nascent competitors, serial mergers, the accumulation of data, competition by ‘free’ products, and the effect on user privacy.”

In his executive order, Biden also calls on the Federal Maritime Commission to take action against shippers that it says are “charging American exporters exorbitant charges” and the Surface Transportation Board to require railroad track owners to “strengthen their obligations to treat other freight companies fairly.”

The White House argues that rapid consolidation and sharp hikes in pricing in the shipping industry have made it increasingly expensive for U.S. companies to get goods to market. In 2000, the largest 10 shipping companies controlled 12% of the market. They now control about 82%, according to the Journal of Commerce.

The World Shipping Council, an industry trade group, pushed back in a statement that “normalized demand, not regulation," is the way to answer rising costs.

“There is no market concentration ‘problem’ to ‘fix,’ and punitive measures levied against carriers based on incorrect economic assumptions will not fix the congestion problems," said John Butler, president and CEO of the council.

The order also notes that over the past two decades the U.S. has lost 70% of the banks it once had, with around 10,000 bank closures. Communities of color and rural areas have been disproportionately affected.

To begin addressing the trend, the order encourages the Justice Department as well as the Federal Reserve, the Federal Deposit Insurance Corporation and the Office of the Comptroller of the Currency to update guidelines to provide greater scrutiny of mergers. It also encourages the Consumer Financial Protection Bureau to issue rules allowing customers to download their banking data and take it with them when they switch.

The order includes several provisions that could affect the agricultural industry. It calls on the U.S. Department of Agriculture to consider issuing new rules defining when meat can use “Product of USA” labels. It also encourages the FTC to limit farm equipment manufacturers' ability to restrict the use of independent repair shops or do-it-yourself repairs — such as when tractor companies block farmers from repairing their own tractors.

Democratic lawmakers and union leaders cheered the order.

Sen. Amy Klobuchar, a Minnesota Democrat who chairs the Senate Judiciary Subcommittee on Competition Policy, said that Biden's executive order needs to be buttressed by congressional action.

“Competition policy needs new energy and approaches so that we can address America’s monopoly problem," Klobuchar said. “That means legislation to update our antitrust laws, but it also means reimagining what the federal government can do to promote competition under our current laws.”

Biden targets airlines, internet, hearing aids, phone repairs and more in new order

Here are some of the products and services the Biden administration is targeting



By Audrey Conklin FOXBusiness

President Joe Biden on Friday issued a new executive order aimed at boosting competition in various industries, targeting products and services like airline refunds, internet bills, hearing aids and more.

The executive order contains 72 actions and recommendations meant to promote innovation across various sectors of the economy from tech to health care to agriculture, and thereby improve workforce conditions and drive costs down, according to a White House fact sheet.


"The heart of American capitalism is a simple idea: Open and fair competition," Biden said in remarks at the White House, shortly before signing the order. "That means if your companies want to win your business, they have to go out and they have got to up their game. Better prices and services, better ideas and products. The competition keeps the economy moving and it keeps it growing. A competitive economy must mean that companies do everything they can to compete for workers."

Here are some of the products and services the Biden administration is targeting in an effort to boost competition and consumer choices:

Airlines

The White House noted in its fact sheet that reduced competition among airlines has resulted in higher baggage and cancelation fees despite millions of instances of delayed baggage each year.

The administration is directing the DOT to consider issuing rules requiring airlines to refund fees when baggage is delayed or when a service like in-flight WiFi does not work. It is also recommending the DOT implement rules requiring baggage, flight change and cancellation fees to be "clearly disclosed to the customer."

Internet/broadband

The Biden administration believes that cracking down on broadband services will boost competition, especially for Americans living in rural areas, giving consumers more options and driving down internet costs.


It is calling on the FCC to ensure internet service providers are offering fair prices by requiring them to report prices and subscription rates to the commission, and to limit high early cancellation fees.

President Joe Biden signs an executive order aimed at promoting competition in the economy, in the State Dining Room of the White House, Friday, July 9, 2021, in Washington. (AP Photo/Evan Vucci)


The administration also plans to reimplement Obama-era "Net Neutrality" rules, which essentially treated internet service providers and cable companies like public utilities, and subjected them to various rules preventing the prioritization of certain types of content.

Hearing aids

Biden wants hearing aids to be sold over-the-counter to reduce costs for Americans who are hard of hearing.


The administration is asking the Department of Health and Human Services to consider issuing a proposal within 120 days to allow hearing aids to be sold over the counter. It is also calling on HHS to come up with a plan in 45 days to "combat high prescription drug prices and price gouging."

Phone and computer repairs

The president is also taking on Big Tech by establishing "an administration policy" to survey mergers between small tech companies and tech giants that can stamp out competition and consumer options. He is also encouraging the Federal Trade Commission (FTC) to monitor the collection of user data and surveillance of consumers by large tech companies.

Finally, the administration is also calling on the FTC to implement "rules against anti-competitive restrictions on using independent repair shops or doing DIY repairs" of technology devices and equipment, such as smartphones. Independent phone and computer repair shops have called on tech giants like Apple to change their repair provider rules.

Agriculture equipment repairs

Biden is urging the U.S. Department of Agriculture to consider implementing new rules under the Packer and Stockyard Act; clarify rules as to which products can be labeled as "Product of USA"; and limit agriculture equipment manufacturers from restricting farmers' ability to conduct their own repairs, among other initiatives aimed at boosting agricultural competition and small farms' success.

President Joe Biden speaks before signing an executive order aimed at promoting competition in the economy, in the State Dining Room of the White House, Friday, July 9, 2021, in Washington. (AP Photo/Evan Vucci)


The White House mentioned "tractor companies" that "block farmers from repairing their own tractors," which may be a reference to John Deere, which does not allow "unauthorized" independent repairs and which uses unique software locks that make tractors unusable if they are fixed by anyone other than John Deere technicians, according to Vice.

"Let me be very clear: Capitalism without competition isn't capitalism. It's exploitation," Biden said Friday. "Without healthy competition, big players can change and charge whatever they want and treat you however they want. And for too many Americans that means accepting a bad deal for things you can't go without. So, we know we've got a problem, a major problem. But we also have an incredible opportunity."

Progressive lawmakers celebrated the jam-packed executive order, while business groups and Republicans slammed it as harmful to the free market.

Sen. Elizabeth Warren, a fierce consumer advocate, lauded the executive order as a "critical" step to protect working-class Americans and urged Congress to pass legislation codifying the measure into law.

But the U.S. Chamber of Commerce said in a blistering statement that the directive "smacks of a 'government knows best' approach to managing the economy" and vowed to "vigorously oppose calls for government-set prices, onerous and legally questionable rulemakings, efforts to treat innovative industries as public utilities, and the politicization of antitrust enforcement."

Fox Business' Megan Henney, Charlie Gasparino and Lydia Moynihan contributed to this report.

Hackers disrupt Iran’s rail service with fake delay messages

TEHRAN, Iran (AP) — Iran’s railroad system came under cyberattack on Friday, a semi-official news agency reported, with hackers posting fake messages about train delays or cancellations on display boards at stations across the country.

The hackers posted messages such as “long delayed because of cyberattack” or “canceled” on the boards. They also urged passengers to call for information, listing the phone number of the office of the country’s supreme leader, Ayatollah Ali Khamenei.

The semiofficial Fars news agency reported that the hack led to “unprecedented chaos” at rail stations.

No group took responsibility. Earlier in the day, Fars said trains across Iran had lost their electronic tracking system. It wasn’t immediately clear if that was also part of the cyberattack.

Fars later removed its report and instead quoted the spokesman of the state railway company, Sadegh Sekri, as saying “the disruption” did not cause any problem for train services.

In 2019, an error in the railway company’s computer servers caused multiple delays in train services.

In December that year, Iran’s telecommunications ministry said the country had defused a massive cyberattack on unspecified “electronic infrastructure” but provided no specifics on the purported attack.

It was not clear if the reported attack caused any damage or disruptions in Iran’s computer and internet systems, and whether it was the latest chapter in the U.S. and Iran’s cyber operations targeting the other.

Iran disconnected much of its infrastructure from the internet after the Stuxnet computer virus — widely believed to be a joint U.S.-Israeli creation — disrupted thousands of Iranian centrifuges in the country’s nuclear sites in the late 2000s.

Kaseya ransomware attack updates: Your questions answered

Here is everything we know so far. ZDNet will update this primer as we learn more.



By Charlie Osborne | July 9, 2021 | Topic: Security | ZDNet

Kaseya, an IT solutions developer for MSPs and enterprise clients, announced that it had become the victim of a cyberattack on July 2, over the American Independence Day weekend.

It appears that attackers have carried out a supply chain ransomware attack by leveraging a vulnerability in Kaseya's VSA software against multiple managed service providers (MSP) -- and their customers.


According to Kaseya CEO Fred Voccola, less than 0.1% of the company's customers were embroiled in the breach -- but as their clientele includes MSPs, this means that smaller businesses have also been caught up in the incident.

Present estimates suggest that 800 to 1500 small to medium-sized companies may have experienced a ransomware compromise through their MSP.

The attack is reminiscent of the SolarWinds security fiasco, in which attackers managed to compromise the vendor's software to push a malicious update to thousands of customers. However, we are yet to find out just how widespread Kaseya's ransomware incident will prove to be.

What is Kaseya?

Kaseya's international headquarters is in Dublin, Ireland, and the company has a US headquarters in Miami, Florida. The vendor maintains a presence in 10 countries.

Kaseya provides IT solutions including VSA, a unified remote-monitoring and management tool for handling networks and endpoints. In addition, the company provides compliance systems, service desks, and a professional services automation platform.

The firm's software is designed with enterprises and managed service providers (MSPs) in mind, and Kaseya says that over 40,000 organizations worldwide use at least one Kaseya software solution. As a provider of technology to MSPs, which serve other companies, Kaseya is central to a wider software supply chain.

What happened?

On July 2 at 2:00 PM EDT, as previously reported by ZDNet, Kaseya CEO Fred Voccola announced "a potential attack against the VSA that has been limited to a small number of on-premise customers."

At the same time, out of an abundance of caution, Voccola urged clients to immediately shut down their VSA servers.

"It's critical that you do this immediately because one of the first things the attacker does is shut off administrative access to the VSA," the executive said.

Customers were notified of the breach via email, phone, and online notices.

As Kaseya's Incident Response team investigated, the vendor also decided to proactively shut down its SaaS servers and pull its data centers offline.

By July 4, the company had revised its thoughts on the severity of the incident, calling itself the "victim of a sophisticated cyberattack."

Cyber forensics experts from FireEye's Mandiant team, alongside other security companies, have been pulled in to assist.

"Our security, support, R&D, communications, and customer teams continue to work around the clock in all geographies to resolve the issue and restore our customers to service," Kaseya said, adding that more time is needed before its data centers are brought back online.

Once the SaaS servers are operational, Kaseya will publish a schedule for distributing a security patch to on-prem clients.

In a July 5 update, Kaseya said that a fix has been developed and would first be deployed to SaaS environments, once testing and validation checks are complete.

"We are developing the new patch for on-premises clients in parallel with the SaaS Data Center restoration," the company said. "We are deploying in SaaS first as we control every aspect of that environment. Once that has begun, we will publish the schedule for distributing the patch for on-premises customers."

The ransomware attack, explained

The FBI described the incident succinctly: a "supply chain ransomware attack leveraging a vulnerability in Kaseya VSA software against multiple MSPs and their customers."

Huntress (1,2) has tracked 30 MSPs involved in the breach and believes with "high confidence" that the attack was triggered via an authentication bypass vulnerability in the Kaseya VSA web interface.

According to the cybersecurity firm, this allowed the attackers to circumvent authentication controls, gain an authenticated session, upload a malicious payload, and execute commands via SQL injection, achieving code execution in the process.

Kyle Hanslovan, CEO and co-founder of Huntress, told attendees of a webinar discussing the technical aspects of the attack on July 6 that the threat actors responsible were "crazy efficient."

"There is no proof that the threat actors had any idea of how many businesses they targeted through VSA," Hanslovan commented, adding that the incident seemed to be shaped more due to a "race against time."

"Some of the functionality of a VSA Server is the deployment of software and automation of IT tasks," Sophos noted. "As such, it has a high level of trust on customer devices. By infiltrating the VSA Server, any attached client will perform whatever task the VSA Server requests without question. This is likely one of the reasons why Kaseya was targeted."

The vendor has also provided an in-depth technical analysis of the attack.

Security expert Kevin Beaumont said that ransomware was pushed via an automated, fake, and malicious software update using Kaseya VSA dubbed "Kaseya VSA Agent Hot-fix".

"This fake update is then deployed across the estate -- including on MSP client customers' systems -- as it [is] a fake management agent update," Beaumont commented. "This management agent update is actually REvil ransomware. To be clear, this means organizations that are not Kaseya's customers were still encrypted."

With a tip from RiskIQ, Huntress is also investigating an AWS IP address that may have been used as a launch point for the attack.

On July 5, Kaseya released an overview of the attack, which began on July 2 with reports of ransomware deployment on endpoints.

"In light of these reports, the executive team convened and made the decision to take two steps to try to prevent the spread of any malware: we sent notifications to on-premises customers to shut off their VSA servers and we shut down our VSA SaaS infrastructure," the company says.

According to the firm, zero-day vulnerabilities were exploited by the attackers to achieve an authentication bypass and code execution, allowing them to infect endpoints with ransomware. However, Kaseya emphasizes that there is no evidence of the VSA codebase being "maliciously modified".

Wietse Boonstra, a Dutch Institute for Vulnerability Disclosure (DIVD) researcher, previously identified a number of vulnerabilities, tracked as CVE-2021-30116, which were used in the ransomware attacks. They were reported under a Coordinated Vulnerability Disclosure pact.

"Once Kaseya was aware of our reported vulnerabilities, we have been in constant contact and cooperation with them. When items in our report were unclear, they asked the right questions," DIVD says. "Also, partial patches were shared with us to validate their effectiveness. During the entire process, Kaseya has shown that they were willing to put in the maximum effort and initiative into this case both to get this issue fixed and their customers patched. "

Who has been impacted?

Over the weekend, Kaseya said that SaaS customers were "never at risk" and current estimates suggest that fewer than 40 on-prem clients worldwide have been affected.

However, it should be noted that while a small number of Kaseya clients may have been directly infected, as MSPs, SMB customers further down the chain relying on these services could be impacted in their turn.

According to reports, 800 Coop supermarket chain stores in Sweden had to temporarily close as they were unable to open their cash registers.

Huntress said in a Reddit explainer that an estimated 1,000 companies have had servers and workstations encrypted. The vendor added that it is reasonable to suggest "thousands of small businesses" may have been impacted.

"This is one of the farthest-reaching criminal ransomware attacks that Sophos has ever seen," commented Ross McKerchar, Sophos VP. "At this time, our evidence shows that more than 70 managed service providers were impacted, resulting in more than 350 further impacted organizations. We expect the full scope of victim organizations to be higher than what's being reported by any individual security company."

On July 5, Kaseya revised previous estimates to "fewer than 60" customers, adding that "we understand the total impact thus far has been to fewer than 1,500 downstream businesses."

Now, on July 6, the estimate is about 50 direct customers and between 800 and 1,500 businesses down the chain.

When it comes to SaaS environments, Kaseya says, "We have not found evidence that any of our SaaS customers were compromised."

In a press release dated July 6, Kaseya has insisted that "while impacting approximately 50 of Kaseya's customers, this attack was never a threat nor had any impact to critical infrastructure."

The number of vulnerable Kaseya servers online, visible, and open to attackers dropped by 96% from roughly 1,500 on July 2 to 60 on July 8, according to Palo Alto Networks.

Kaseya CEO Fred Voccola said that the attack, "for the very small number of people who have been breached, it totally sucks."

"We are two days after this event," Voccola commented. "We have about 150 people that have probably slept a grand total of four hours in the last two days, literally, and that'll continue until everything is as perfect as can be."

Less than 0.1% of the company's customers experienced a breach.

"Unfortunately, this happened, and it happens," the executive added. "Doesn't make it okay. It just means it's the way the world we live in is today."

What is ransomware?

Ransomware is a type of malware that specializes in the encryption of files and drives.

In what has become one of the most severe and serious security problems modern businesses now face, ransomware is used by threat actors worldwide to hijack systems and disrupt operations.

Once a victim's system or network has been encrypted, cyber criminals will place a ransom note on the system, demanding payment in return for a decryption key (which may, or may not, work).

Today's ransomware operators may be part of Ransomware-as-a-Service (RaaS), when they 'subscribe' to access and use a particular type of ransomware. Another emerging trend is double extortion, in which a victim will have their information stolen during a ransomware raid.

If they refuse to pay up, they may then face the prospect of their data being sold or published online.

Common and well-known ransomware families include REvil, Locky, WannaCry, Gandcrab, Cerber, NotPetya, Maze, and Darkside.

Read on: What is ransomware? Everything you need to know about one of the biggest menaces on the web


Who is responsible?

The cyberattack has been attributed to the REvil/Sodinokibi ransomware group, which has claimed responsibility on its Dark Web leak site, "Happy Blog."

In an update over the weekend, the operators, believed to have ties to Russia, claimed that more than "a million" systems have been infected.

REvil has offered a decryption key, allegedly universal and, therefore, able to unlock all encrypted systems, for the 'bargain' price of $70 million in the bitcoin (BTC) cryptocurrency.

REvil has been previously linked to ransomware attacks against companies, including JBS, Travelex, and Acer.

What are the ransomware payment terms?

The ransomware note claims that files are "encrypted, and currently unavailable." A file extension .csruj has reportedly been used. Operators are demanding payment in return for a decryption key and one 'freebie' file decryption is also on the table to prove the decryption key works.

The operators add (spelling unchanged):

"Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests. If you will not cooperate with our service --for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practice - time is much more valuable than money."

Sophos malware analyst Mark Loman shared a screenshot on Twitter of a ransomware note planted on an infected endpoint demanding $44,999.

John Hammond, senior security researcher at Huntress, told ZDNet that the company has already seen ransom demands of up to $5 million.

Kevin Beaumont says that, unfortunately, he has observed victims "sadly negotiating" with the ransomware's operators.

Fabian Wosar, CTO of Emsisoft, has also explained in a Twitter thread why using a key obtained by a single organization paying up is unlikely to be a viable path for unlocking all victims.

"REvil absolutely has the capability of decrypting only a single victim without these purchased decryption tools being applicable for other victims hit by the same campaign public key," the security expert noted.

CNBC reports that the universal ransom demand has been reduced to $50 million in private conversations. However, as of July 7, the public demand for $70 million on the threat group's leak site remains unchanged.

What are the reactions so far?

At the time of the breach, Kaseya notified law enforcement and cybersecurity agencies, including the Federal Bureau of Investigation (FBI) and US Cybersecurity and Infrastructure Security Agency (CISA).

The FBI and CISA have released a joint statement on the security incident and are urging customers to run a tool provided by Kaseya to determine the risk of exploit, and to both enable and enforce multi-factor authentication (MFA) on enterprise accounts, wherever possible.

Kaseya has been holding meetings with the FBI and CISA "to discuss systems and network hardening requirements prior to service restoration for both SaaS and on-premises customers."

The White House is asking organizations to inform the Internet Crime Complaint Center (IC3) if they suspect they have been compromised.

On Saturday, US President Biden said he has directed federal intelligence agencies to investigate.

"Targeting [an] MSP platform (that is managing many customers at once) was very well thought and planned," Amit Bareket, CEO of Perimeter 81, told ZDNet. "What's unique is that hackers are becoming more strategic and targeting platforms that will filtrate down to many companies with one shot. RMMs [remote monitoring and management] are basically keys to many many companies, which amount to the kingdom for bad actors."

The White House has attempted to strengthen its stance on cybercrime in light of this attack, warning Russian President Vladimir Putin that unless he deals with the problem in his own backyard, "we will take action or reserve the right to take action on our own."

Are there any recovery plans?

As of July 4, Kaseya says the company has now moved on from a root cause analysis of the attack to recovery and patch plans, consisting of:

Communication of our phased recovery plan with SaaS first followed by on-premises customers.
Kaseya will be publishing a summary of the attack and what we have done to mitigate it.
Some lightly-used legacy VSA functionality will be removed as part of this release out of an abundance of caution. A specific list of the functionality and its impact on VSA capabilities will be outlined in the release notes.
There will be new security measures implemented including enhanced security monitoring of our SaaS servers by FireEye and enablement of enhanced WAF capabilities.
We have successfully completed an external Vulnerability Scan, checked our SaaS Databases for Indicators of Compromise, and have had external security experts review our code to ensure a successful service restart.

Data centers starting with the EU will be restored, followed by the UK, APAC, and then North American systems.

By late evening on July 5, Kaseya said a patch has been developed and it is the firm's intention to bring back VSA with "staged functionality" to hasten the process. The company explained:
The first release will prevent access to functionality used by a very small fraction of our user base, including:
Classic Ticketing
Classic Remote Control (not LiveConnect).
User Portal

Kaseya has now published an updated timeline for its restoration efforts, starting with the relaunch of SaaS servers, now set for July 6, between 4:00 PM EDT and 7:00 PM EDT. Configuration changes to improve security will follow, including an on-premise patch, expected to land in 24 hours, or less, from the time SaaS servers come back online.

"We are focused on shrinking this time frame to the minimal possible -- but if there are any issues found during the spin-up of SaaS, we want to fix them before bringing our on-premises customers up," the firm says.

Additional security improvements include the creation of 24/7 SOCs for VSA, as well as a complimentary CDN with a web application firewall (WAF) for every VSA.

Update July 7: The timeline has not been met. Kaseya said that "an issue was discovered that has blocked the release" of the VSA SaaS rollout.

"We apologize for the delay and R&D and operations are continuing to work around the clock to resolve this issue and restore service," Kaseya commented.

In a service update, the vendor said it has been unable to resolve the problem.

"The R&D and operations teams worked through the night and will continue to work until we have unblocked the release," Kaseya added.

July 7, 12 pm EDT:

Kaseya hopes to resolve the SaaS systems rollout no later than the evening of Thursday, July 8. A playbook is currently being written up, due to be published today, which will provide guidelines for impacted businesses to deploy the upcoming on-prem VSA patch.

Current recovery status

As of July 8, Kaseya has published two run books, "VSA SaaS Startup Guide," and "On Premises VSA Startup Readiness Guide," to assist clients in preparing for a return to service and patch deployment.

Recovery, however, is taking longer than initially expected.

"We are in the process of resetting the timelines for VSA SaaS and VSA On-Premises deployment," the company says. "We apologize for the delay and changes to the plans as we work through this fluid situation."

In a second video message recorded by the firm's CEO, Voccola said:

"The fact we had to take down VSA is very disappointing to me, it's very disappointing to me personally. I feel like I've let this community down. I let my company down, our company let you down. [..] This is not BS, this is the reality."

The new release time for VSA is Sunday afternoon, Eastern Time, which also gives the firm time to harden the software and bolster its security ahead of deployment.

What can customers do?

Kaseya has released a tool, including Indicators of Compromise (IoC), which can be downloaded via Box. There are two PowerShell scripts for use: one on a VSA server, and the other has been designed for endpoint scanning.

The self-assessment scripts should be used in offline mode. They were updated on July 5 to also scan for data encryption and REvil's ransom note.
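As an added illustration of the endpoint-side checks described above (example code written for this page, not Kaseya's scripts), the following Python walks a directory tree and flags the signals the article mentions: files carrying the reported .csruj extension, text files containing the ransom note's opening phrase, and unknown files whose byte entropy looks like ciphertext. The sample tree it builds is constructed for the demo; the entropy threshold and the file-type lists are assumptions.

```python
import math
import random
import tempfile
from pathlib import Path

# Values reported on this page for the Kaseya incident: the extension appended to
# encrypted files and a phrase from the REvil ransom note.
ENCRYPTED_EXT = ".csruj"
NOTE_PHRASES = ("encrypted, and currently unavailable",)
TEXT_SUFFIXES = {".txt", ".html", ".hta"}
# Formats that are high-entropy by nature; excluded from the entropy check to limit noise.
COMPRESSED_SUFFIXES = {".zip", ".gz", ".7z", ".jpg", ".jpeg", ".png", ".mp4", ".pdf"}
ENTROPY_THRESHOLD = 7.5  # bits per byte (assumed); ciphertext sits near 8.0, text well below


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def scan_tree(root) -> dict:
    """Walk `root` and collect the three signals the endpoint scan looks for."""
    findings = {"encrypted_ext": [], "ransom_notes": [], "high_entropy": []}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        suffix = path.suffix.lower()
        if suffix == ENCRYPTED_EXT:
            findings["encrypted_ext"].append(path.name)
            continue
        try:
            head = path.read_bytes()[:4096]   # the first 4 KiB is enough to judge
        except OSError:
            continue
        if suffix in TEXT_SUFFIXES:
            text = head.decode("utf-8", errors="ignore").lower()
            if any(p in text for p in NOTE_PHRASES):
                findings["ransom_notes"].append(path.name)
        elif (suffix not in COMPRESSED_SUFFIXES and len(head) >= 256
                and shannon_entropy(head) >= ENTROPY_THRESHOLD):
            findings["high_entropy"].append(path.name)
    return findings


def verdict(findings: dict) -> str:
    """Collapse the findings into a triage label."""
    if findings["encrypted_ext"] or findings["ransom_notes"]:
        return "LIKELY_ENCRYPTED"
    if findings["high_entropy"]:
        return "SUSPICIOUS"
    return "CLEAN"


def build_sample() -> str:
    """Constructed test tree (not real victim data) that exercises every branch."""
    root = Path(tempfile.mkdtemp(prefix="revil_scan_"))
    rng = random.Random(2021)                      # deterministic pseudo-ciphertext
    noise = bytes(rng.getrandbits(8) for _ in range(2048))
    (root / "invoice.docx.csruj").write_bytes(noise)          # renamed ciphertext
    (root / "readme.txt").write_text(
        "Your files are encrypted, and currently unavailable.\n")  # note-like text
    (root / "memo.txt").write_text("Quarterly planning notes.\n")  # benign text
    (root / "cache.dat").write_bytes(noise)                   # unknown high-entropy blob
    (root / "photo.jpg").write_bytes(noise)                   # compressed format, ignored
    (root / "zeros.bin").write_bytes(b"\x00" * 1024)          # low entropy, ignored
    return str(root)


if __name__ == "__main__":
    found = scan_tree(build_sample())
    print(verdict(found), found)
```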

However, the scripts are only for potential exploit risk detection and are not security fixes. Kaseya will release patches as quickly as it can, but in the meantime, customers simply have to wait until Sunday.

Kaseya intends to bring customers back online on July 11, at 4 PM EDT.

"All on-premises VSA Servers should continue to remain offline until further instructions from Kaseya about when it is safe to restore operations," the firm said. "A patch will be required to be installed prior to restarting the VSA."

Cado Security has provided a GitHub repository for responders, including malware samples, IoCs, and Yara Rules.

Truesec CSIRT has also released a script on GitHub to identify and mitigate damage on infected systems.

Kaseya has also warned that scammers are trying to take advantage of the situation.

"Spammers are using the news about the Kaseya Incident to send out fake email notifications that appear to be Kaseya updates. These are phishing emails that may contain malicious links and/or attachments.

Do not click on any links or download any attachments claiming to be a Kaseya advisory."


More sharing, less shame: CompTIA ISAO wants to change the standard response to ransomware attacks

by Veronica Combs in Security on July 9, 2021

The information sharing organization helps companies deal with security threats and supports more collaboration overall.

Ransomware attacks are not going to stop any time soon and bad actors refine their attack techniques with every new breach. In addition to following best practices for securing networks and data, industry leaders and businesses of all sizes should prioritize information sharing.

MJ Shoer, senior vice president and executive director of the CompTIA ISAO, said the Kaseya attack was inevitable but it could have been considerably worse. A 2021 CompTIA survey found that 62% of MSPs were very concerned and 30% somewhat concerned about being targeted with cyberattacks.

"This attack underscores the point that we need to come together if we're going to gain the upper hand," he said.

Shoer said the tech industry needs to follow the information sharing example set by bad actors.

"Hackers do a phenomenal job sharing information -- they tell each other what works, what doesn't," he said. "They're great at it, we need to be better than great."

Shoer said he wants the industry to erase the stigma associated with cyberattacks.

"That natural reaction to shame companies who get breached isn't helping," he said. "If we get enough organizations sharing what they're seeing, it gives all of us a chance to get the bad guys to back off."

John Collins, a senior analyst at Gartner for SecOps, SIEM, security services, threat intel and incident response, said that he has not seen empirical evidence suggesting increased threat intelligence sharing between security vendors, end user organizations and government. He has noticed more interest in threat intelligence sources and platforms.

"I have observed an increase from historically less security mature organizations who are looking for purpose-built tools for aggregating, curating, managing and operationalizing threat intelligence," he said. "Even TIP vendors are marketing their integration with MISP to allow for a wider range of sharing capability."

The CompTIA ISAO works with public and private cybersecurity agencies and organizations to help its members raise the cybersecurity awareness of the global tech industry. The community of nearly 1,176 member companies shares best practices, cyber threat intelligence and educational content. In addition to cybersecurity intelligence data, CompTIA ISAO members receive full access to all other CompTIA corporate member benefits.

"We all hope that it will prevent an attack but more often than not it helps address an attack or vulnerability or recover and remediate at issue," Shoer said.

Collins said that issues related to the consumption and management of TI are more important than general information sharing.

"I believe the industry needs to have some introspection on the quality of intelligence vs sharing data for the sake of having a feed and claiming #tisharing," he said. "I have regular conversations with security leaders asking for better ways to consume and manage the intel they are getting because they are overwhelmed with data, have lots of false positives and are managing the indicators in a spreadsheet."

Collins said that companies and governments should look for ways to declassify or anonymize information to share important threats without putting national security at risk or revealing sensitive data.

"For example, no one outside of your organization needs or cares about an internal user name or machine name that is part of a file path, and you don't want to violate any privacy laws by exposing it," he said. "The vast majority of attacks are commodity in nature and a very small percentage are associated with sophisticated attacks carried out by a group targeting an organization."

Shoer said that he knows of only one CompTIA ISAO member that was hit by the attack, although a few members shut down their systems, as Kaseya recommended.

In addition to monitoring the threat landscape to warn members of potential problems, the ISAO also documents attacks so that members can learn from them.

As helpful as information sharing can be, exposing indicators or TTPs of an active attack can create more problems for other organizations dealing with the same adversary. Collins said it's a classic catch-22 situation.

"I know SecOps operators who were burned by security companies releasing indicators to the public and the adversary in their environment turned into a ghost," he said. "To get more out of the adversary you sometimes need to let them 'live' in an environment for a bit longer, yet they may be exfiltrating data from another company and their defenders or provider needs the intel to identify it and stop it."

This is where tools like MISP and threat intelligence platforms can present a method for sharing intel and often use a system similar to traffic light protocol, Collins said. This approach allows companies to choose what to share and who to share it with.
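An added example (not MISP's code or the CompTIA ISAO's process) of the two points Collins makes above: stripping internal user and machine names from file-path indicators before they leave the organization, and gating what goes to a given sharing channel by its Traffic Light Protocol marking. The indicator set, the organization name and the placeholder values are constructed for the demo; the output records are illustrative rather than MISP's schema.

```python
import re
from dataclasses import dataclass

# Traffic Light Protocol levels, most restrictive first (TLP 1.0 colour names).
TLP_ORDER = {"RED": 0, "AMBER": 1, "GREEN": 2, "WHITE": 3}


@dataclass
class Indicator:
    kind: str        # "file_path", "sha256", "domain", "ip"
    value: str
    tlp: str         # marking assigned by the contributing organization
    source_org: str  # hypothetical contributor name


# Patterns for the internal names the text says nobody outside needs: the user in a
# Windows profile path, a Linux home directory, and the server in a UNC path.
WIN_USER = re.compile(r"(?i)(^[a-z]:\\users\\)[^\\]+(\\)")
NIX_USER = re.compile(r"^/home/[^/]+/")
UNC_HOST = re.compile(r"^\\\\[^\\]+\\")


def anonymize_path(path: str) -> str:
    """Replace user and machine names embedded in a file path with placeholders."""
    path = WIN_USER.sub(r"\1<user>\2", path)
    path = NIX_USER.sub("/home/<user>/", path)
    path = UNC_HOST.sub(r"\\\\<host>\\", path)
    return path


def release_for(indicators, channel_tlp: str, attribute_source: bool = False) -> list:
    """Return the indicators that may be posted to a channel operating at `channel_tlp`.

    An indicator may go out only where its own marking is at least as permissive as
    the channel's (RED never leaves the named recipients; WHITE goes anywhere).
    File paths are anonymized and the contributor is hidden unless attribution
    is explicitly allowed.
    """
    if channel_tlp not in TLP_ORDER:
        raise ValueError(f"unknown TLP level: {channel_tlp}")
    out = []
    for ind in indicators:
        if TLP_ORDER[ind.tlp] < TLP_ORDER[channel_tlp]:
            continue
        value = anonymize_path(ind.value) if ind.kind == "file_path" else ind.value
        out.append({
            "kind": ind.kind,
            "value": value,
            "tlp": ind.tlp,
            "source": ind.source_org if attribute_source else "anonymous",
        })
    return out


# Constructed sample set (placeholder values, not real indicators from the incident;
# the ".csruj" extension is the one the page reports).
SAMPLE_INDICATORS = [
    Indicator("file_path", r"C:\Users\jsmith\AppData\Local\Temp\agent.exe", "AMBER", "Acme MSP"),
    Indicator("sha256", "0" * 64, "AMBER", "Acme MSP"),                 # placeholder hash
    Indicator("domain", "example.com", "WHITE", "Acme MSP"),            # reserved name
    Indicator("file_path", r"\\FILESRV01\share\docs\invoice.docx.csruj", "GREEN", "Acme MSP"),
    Indicator("ip", "192.0.2.10", "RED", "Acme MSP"),                   # TEST-NET-1 address
]


if __name__ == "__main__":
    for level in ("WHITE", "GREEN", "AMBER", "RED"):
        print(level, [i["value"] for i in release_for(SAMPLE_INDICATORS, level)])
```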

Plan, practice and prepare

Shoer said he sees a need for more table-top exercises so that companies can spot potential weak spots and formulate a response plan.

"Part of the challenge is taking the time to have these plans in place and then testing them regularly," he said.

This planning should include a priority list for restoring services after an attack has been resolved.

"Companies should think about how to prioritize restoration, by company size, industry, or public impact?" he said. "Companies should be playing these scenarios out and validating plans and looking for the gaps."

Shoer also said he sees more interest in keeping certain types of data in an air-gapped storage format to avoid the risk of a ransomware attack taking down backups along with live systems.

"Having those backups away from targeted networks is really important, including things that people may not be thinking of, such as bank statements and cyber liability insurance policies," he said. "Bad actors get into a network, sniff out this stuff and then set the ransomware amount based on your bank balance."

CompTIA's Cybersecurity Advisory Council provides educational materials and tools to help small business owners understand the risk of ransomware.

CompTIA launched the ISAO in August 2020 to "serve as the focal point for dealing with cyber-threats to technology vendors, MSPs, solution providers, integrators, distributors and business technology consultants." The organization's origins are in an ISAO started by tech entrepreneur Arnie Bellini in August 2019 as part of ConnectWise, the business automation software company he co-founded. Bellini transferred management and operations of the organization to CompTIA in early 2020.