Good information on Kaseya supply chain attacks!
By MYBRANDBOOK
Attackers are actively exploiting the Kaseya VSA endpoint monitoring software to conduct a widespread supply chain attack targeting a number of Managed Service Providers (MSPs), according to multiple reports. Organizations usually use Kaseya VSA to perform centralized orchestration of systems in customer environments.
Attackers first infected victims via a malicious automatic update to the software, eventually delivering the REvil/Sodinokibi ransomware. Once active in victim environments, the ransomware encrypts the contents of systems on the network, causing widespread operational disruptions to a variety of organizations that use this software. REvil operates using a ransomware-as-a-service (RaaS) model, with affiliates leveraging a variety of tactics, techniques and procedures (TTPs) to infect victims and coerce them into paying to regain access to systems and data that are affected by the ransomware. In many cases, backup servers are also targeted during network-based ransomware attacks, highlighting the importance of a regularly tested offline backup and recovery strategy. A text-based README is written into various directories on the system and functions as a ransom note. An example of one of these files can be seen below:
Kaseya’s current recommendation is to “IMMEDIATELY shutdown your VSA server until you receive further notice from us. It's critical that you do this immediately, because one of the first things the attacker does is shutoff administrative access to the VSA.”
As mentioned above, backup servers may be targeted, so it’s paramount to have regularly tested offline backups and recovery strategies in place. Attackers can target backups that may be accessible via the network. Utilize the 3-2-1 method to keep your data safe: three copies of your data, on two different systems, with one copy stored offline.
Sophos is aware of a supply chain attack that uses Kaseya to deploy a variant of the REvil ransomware into a victim’s environment. The attack is geographically dispersed. Organizations running Kaseya VSA are potentially impacted. Kaseya has stated that the attack started around 14:00 EDT/18:00 UTC on Friday, July 2, 2021 and they are investigating the incident.
There's been a noticeable shift towards attacks on perimeter devices in recent years. Vulnerabilities in common internet-facing devices allow attackers to compromise large numbers of systems at once with very little effort.
It appears that the attackers used a zero-day vulnerability to remotely access internet-facing VSA Servers. As Kaseya is primarily used by Managed Service Providers (MSPs), this approach gave the attackers privileged access to the devices of the MSP’s customers. Part of the functionality of a VSA Server is the deployment of software and automation of IT tasks. As such, it has a high level of trust on customer devices. Once the VSA Server has been infiltrated, any attached client will perform whatever task the VSA Server requests without question. This is likely one of the reasons why Kaseya was targeted.