Good information on Kaseya supply chain attacks !!!
By MYBRANDBOOK
Attackers are actively exploiting the Kaseya VSA endpoint monitoring software to conduct a widespread supply chain attack targeting a number of Managed Service Providers (MSPs), according to multiple reports. Organizations usually use Kaseya VSA to perform centralized orchestration of systems in customer environments.
Attackers first infected victims via a malicious automatic update to the software, eventually delivering the REvil/Sodinokibi ransomware. Once active in victim environments, the ransomware encrypts the contents of systems on the network, causing widespread operational disruption to the many organizations that use this software. REvil operates under a ransomware-as-a-service (RaaS) model, with affiliates leveraging a variety of tactics, techniques and procedures (TTPs) to infect victims and coerce them into paying to regain access to the systems and data the ransomware has affected. In many cases, backup servers are also targeted during network-based ransomware attacks, highlighting the importance of a regularly tested offline backup and recovery strategy. A text-based README is written into various directories on the system and functions as a ransom note. An example of one of these files can be seen below:
Kaseya’s current recommendation is to, “IMMEDIATELY shutdown your VSA server until you receive further notice from us. It's critical that you do this immediately, because one of the first things the attacker does is shutoff administrative access to the VSA.”
As mentioned above, backup servers may be targeted, so it’s paramount to have regularly tested offline backups and recovery strategies in place. Attackers can target backups that may be accessible via the network. Utilize the 3-2-1 method to keep your data safe: three copies of your data, on two different systems, with one copy stored offline.
Sophos is aware of a supply chain attack that uses Kaseya to deploy a variant of the REvil ransomware into a victim’s environment. The attack is geographically dispersed. Organizations running Kaseya VSA are potentially impacted. Kaseya has stated that the attack started around 14:00 EDT/18:00 UTC on Friday, July 2, 2021 and they are investigating the incident.
There has been a noticeable shift towards attacks on perimeter devices in recent years. Vulnerabilities in common internet-facing devices allow attackers to compromise large numbers of systems at once with very little effort.
It appears that the attackers used a zero-day vulnerability to remotely access internet-facing VSA Servers. As Kaseya is primarily used by Managed Service Providers (MSPs), this approach gave the attackers privileged access to the devices of the MSPs’ customers. Among the functions of a VSA Server are software deployment and the automation of IT tasks, so it holds a high level of trust on customer devices. Once the VSA Server is compromised, any attached client will perform whatever task the VSA Server requests without question. This is likely one of the reasons why Kaseya was targeted.
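The ransom note behaviour described above (an identical text README dropped into many directories) can be used as a detection signal. The following is an added example, not code from the original report or from Kaseya or Sophos; it groups README-named files by content hash and flags any text that recurs in several distinct directories, using a constructed sample file listing in place of a live filesystem walk.

```python
import hashlib
import os
from collections import defaultdict

# Constructed sample (path, contents) pairs standing in for a filesystem walk.
# A ransom note is byte-identical wherever it is dropped, whereas legitimate
# READMEs differ from project to project.
SAMPLE_FILES = [
    ("/srv/projects/alpha/README.txt", "Alpha service: run make to build."),
    ("/srv/projects/beta/README.md", "Beta library, see docs/ for usage."),
    ("/srv/shares/finance/README.txt", "YOUR FILES ARE ENCRYPTED. Contact us to restore them."),
    ("/srv/shares/hr/README.txt", "YOUR FILES ARE ENCRYPTED. Contact us to restore them."),
    ("/home/alice/Documents/README.txt", "YOUR FILES ARE ENCRYPTED. Contact us to restore them."),
    ("/home/bob/Pictures/README.txt", "YOUR FILES ARE ENCRYPTED. Contact us to restore them."),
]


def is_readme_name(path):
    """True for README-style file names, matched case-insensitively."""
    return os.path.basename(path).lower().startswith("readme")


def find_duplicated_notes(files, min_dirs=3):
    """Group README-named files by SHA-256 of their text and return the
    clusters whose identical content appears in at least min_dirs directories.
    Returns {digest: [sorted paths]} for the suspicious clusters only."""
    by_hash = defaultdict(list)
    for path, text in files:
        if not is_readme_name(path):
            continue
        digest = hashlib.sha256(text.encode("utf-8")).hexdigest()
        by_hash[digest].append(path)
    suspicious = {}
    for digest, paths in by_hash.items():
        dirs = {os.path.dirname(p) for p in paths}
        if len(dirs) >= min_dirs:
            suspicious[digest] = sorted(paths)
    return suspicious


def walk_readmes(root):
    """Collect (path, contents) for README-named files under root, for use
    with find_duplicated_notes() on a real host. Unreadable files are skipped."""
    found = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if is_readme_name(name):
                full = os.path.join(dirpath, name)
                try:
                    with open(full, "r", encoding="utf-8", errors="replace") as fh:
                        found.append((full, fh.read()))
                except OSError:
                    continue
    return found


if __name__ == "__main__":
    for digest, paths in find_duplicated_notes(SAMPLE_FILES).items():
        print(f"identical README text ({digest[:12]}) in {len(paths)} directories:")
        for p in paths:
            print("  ", p)
```

On a live host, replace SAMPLE_FILES with walk_readmes("/") and feed the result to find_duplicated_notes(); the threshold min_dirs controls how many directories must share the same note before it is reported.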