Good information on kaseya supply chain attacks !!!
By MYBRANDBOOK
Attackers are actively exploiting the Kaseya VSA endpoint monitoring software to conduct a widespread supply chain attack targeting a number of Managed Service Providers (MSPs), according to multiple reports. Organizations usually use Kaseya VSA to perform centralized orchestration of systems in customer environments.
Attackers first infected victims via a malicious automatic update to the software, eventually delivering the REvil/Sodinokibi ransomware. Once active in victim environments, the ransomware encrypts the contents of systems on the network, causing widespread operational disruptions to a variety of organizations that use this software. REvil operates using a ransomware-as-a-service (RaaS) model, with affiliates leveraging a variety of tactics, techniques and procedures (TTPs) to infect victims and coerce them into paying to regain access to systems and data that are affected by the ransomware. In many cases, backup servers are also targeted during network-based ransomware attacks highlighting the importance of a regularly tested offline backup and recovery strategy. A text-based README is written into various directories on the system and functions as a ransom note. An example of one of these files can be seen below:
Kaseya’s current recommendation is to, “IMMEDIATELY shutdown your VSA server until you receive further notice from us. It's critical that you do this immediately, because one of the first things the attacker does is shutoff administrative access to the VSA.”
As mentioned above, backup servers may be targeted, so it’s paramount to have regularly tested offline backups and recovery strategies in place. Attackers can target backups that may be accessible via the network. Utilize the 3-2-1 method to keep your data safe: three copies of your data, on two different systems, with one copy stored offline.
Sophos is aware of a supply chain attack that uses Kaseya to deploy a variant of the REvil ransomware into a victim’s environment.The attack is geographically dispersed. Organizations running Kaseya VSA are potentially impacted. Kaseya has stated that the attack started around 14:00 EDT/18:00 UTC on Friday, July 2, 2021 and they are investigating the incident.
There's been a noticeable shift towards attacks on perimeter devices in recent years. Vulnerabilities in common internet facing devices allow attackers to compromise large numbers of systems at once with very little effort
It appears that the attackers used a zero-day vulnerability to remotely access internet facing VSA Servers. As Kaseya is primarily used by Managed Service Providers (MSPs) this approach gave the attackers privileged access to the devices of the MSP’s customers. Some of the functionality of a VSA Server is the deployment of software and automation of IT tasks. As such, it has a high level of trust on customer devices. By infiltrating the VSA Server, any attached client will perform whatever task the VSA Server requests without question. This is likely one of the reasons why Kaseya was targeted.
Microsoft to build a new data centre to support Thailand's tec
Microsoft has revealed intentions to construct a regional data centre as w...
SAP launches cloud services to help Indian scaleups innovate m
SAP at SAP unveils now "GROW with SAP for Scaleups," a new cloud service d...
Denodo and Sonata form alliance to unlock data-to-value creati
Denodo and Sonata Information Technology India Limited (SITL) have annou...
Google Play Store will now let users download two apps simulta
Google Play Store now lets users download two apps simultaneously. While a...
ATRIE TECHNOLOGY PVT. LTD.
JUVAS SOLUTIONS PVT. LTD.
FRESHWORKS TECHNOLOGIES PVT. LTD.
SAMRIDDHI AUTOMATIONS PVT. LTD.
Technology Icons Of India 2023: Dilip Asbe
Dilip Asbe is the MD & CEO of National Payments Corporation of India (...
Technology Icons Of India 2023: B.V.R. Subrahmanyam
B.V.R. Subrahmanyam belongs to Andhra Pradesh. He is a 1987-batch IAS ...
Technology Icons Of India 2023: Rajiv Memani
As Chair of the EY Global Emerging Markets Committee, Rajiv connects e...
STPI encouraging software exports from India
Software Technology Parks of India (STPI) is an S&T organization under...
NIC bridging the digital divide and supporting government in eGovernance
The National Informatics Centre (NIC) is an Indian government departme...
NPCI leading India towards Digital payments
The National Payments Corporation of India (NPCI) is an initiative tak...
ACCERON INFOSOL PVT. LTD.
It is a leading value added distributor in the IT security space and h...
SONATA INFORMATION TECHNOLOGY LIMITED
Sonata Software Limited is a leading Modernization engineering company...
NETPOLEON SOLUTIONS
Netpoleon Group is a Value-Added Distributor (VAD) of Network Security...