5/17/2023

Contra returns malware

Kyle Hanslovan, CEO and co-founder of Huntress, told attendees of a webinar discussing the technical aspects of the attack on July 6 that the threat actors responsible were "crazy efficient."

Huntress (1, 2) has tracked 30 MSPs involved in the breach and believes with "high confidence" that the attack was triggered via an authentication bypass vulnerability in the Kaseya VSA web interface.

According to the cybersecurity firm, this allowed the attackers to circumvent authentication controls, gain an authenticated session, upload a malicious payload, and execute commands via SQL injection, achieving code execution in the process.

The FBI described the incident succinctly: a "supply chain ransomware attack leveraging a vulnerability in Kaseya VSA software against multiple MSPs and their customers."

In a July 5 update, Kaseya said that a fix has been developed and would first be deployed to SaaS environments, once testing and validation checks are complete.

"We are developing the new patch for on-premises clients in parallel with the SaaS Data Center restoration," the company said. "We are deploying in SaaS first as we control every aspect of that environment. Once that has begun, we will publish the schedule for distributing the patch for on-premises customers."

Once the SaaS servers are operational, Kaseya will publish a schedule for distributing a security patch to on-prem clients.

"Our security, support, R&D, communications, and customer teams continue to work around the clock in all geographies to resolve the issue and restore our customers to service," Kaseya said, adding that more time is needed before its data centers are brought back online.

On July 2 at 2:00 PM EDT, as previously reported by ZDNet, Kaseya CEO Fred Voccola announced "a potential attack against the VSA that has been limited to a small number of on-premise customers."

At the same time, out of an abundance of caution, Voccola urged clients to immediately shut down their VSA servers.

"It's critical that you do this immediately because one of the first things the attacker does is shut off administrative access to the VSA," the executive said.

Customers were notified of the breach via email, phone, and online notices.

As Kaseya's Incident Response team investigated, the vendor also decided to proactively shut down its SaaS servers and pull its data centers offline.

By July 4, the company had revised its thoughts on the severity of the incident, calling itself the "victim of a sophisticated cyberattack."

Cyber forensics experts from FireEye's Mandiant team, alongside other security companies, have been pulled in to assist.