Warning: Your Network Has Been Infected

IT Software Firm Kaseya Falls Victim to Ransomware Attack

Software maker Kaseya Limited urged users of its VSA endpoint management and network monitoring tool to immediately shut down VSA servers to prevent them from being compromised in a widespread ransomware attack. The cyberattack exploited a zero-day vulnerability in the product. According to Kaseya, the attack began around 2:00 pm ET on Friday, July 2.

Businesses around the world rushed to contain the ransomware attack that paralyzed their computer networks. The timing of the attack does not seem to be a coincidence, as IT and security teams were likely understaffed and slower to respond due to the 4th of July holiday weekend in the United States.

There is no information yet regarding the number of organizations affected by ransom demands to get their systems working again. However, some cybersecurity researchers predict the attack targeting customers of software supplier Kaseya could be one of the broadest ransomware attacks on record.

The cybersecurity firm ESET says there are victims in at least 17 countries, including the United States, United Kingdom, South Africa, Canada, Argentina, Mexico, and Germany.

The attack appears to have combined exploitation of a zero-day vulnerability with delivery of a malicious Kaseya VSA software update. The update delivered a piece of ransomware that encrypted files on compromised systems. The hackers appear to have leveraged an authentication bypass flaw affecting the VSA web interface to upload the malicious payload. They were then able to execute arbitrary code on compromised systems.

Who Was Behind the Attack?

Cybersecurity experts say the REvil gang, a major Russian-speaking ransomware syndicate, appears to be behind the attack that targeted Kaseya. The attack used Kaseya’s network management package as a conduit to spread the ransomware through cloud-service providers.

The REvil ransomware was also used recently in an attack aimed at meat packaging giant JBS, which paid $11 million to the hackers to ensure that the files they stole would not be made public.

The number of impacted Kaseya customers is relatively small. However, its products are also used by managed service providers (MSPs), and the attackers were able to deliver the ransomware to the customers of those MSPs.

Coop, a Swedish grocery chain whose POS supplier uses an MSP affected by the Kaseya attack, was forced to close down a majority of its 800 stores.

This is just the latest in a string of recent cyberattacks, following the SolarWinds hack and JBS ransomware attack from earlier this year. The importance of a robust cybersecurity strategy has never been more evident.

 

Reduce Security Vulnerability Gaps With CSP Authenticator+

 

Modern authentication methods represent a more robust security structure than simple passwords. They also provide a better user experience when logging into applications. MFA makes it easier for auditors to get answers to critical compliance questions. MFA provides valuable information, such as which users are granted access to which system and how the access policy is enforced. Additionally, some of the modern MFA applications available today also include reporting capabilities. That ensures that compliance standards, such as PCI-DSS, are met.

CSP Authenticator+® supports numerous authentication factors for NonStop. It provides a RESTful interface that supports multi-factor authenticated logins on NonStop systems. CSP Authenticator+ resides on the NonStop Platform and uses an OSS “bridge” to connect to the RESTful interface of the CSP Authenticator+ web server.

CSP Authenticator® Dashboard

CSP Authenticator+ provides authentication services via Safeguard Authentication SEEP, or Pathway and Non-Pathway servers. Almost any application, including TACL, can now easily support multi-factor authentication (MFA).

Authentication methods such as RADIUS, RSA Cloud, Active Directory, and Open LDAP are supported. Additional authentication methods include RSA SecurID, Email, Text Message, and Google Authenticator. You can now enable MFA logins for different applications, making them more secure!

CSP Authenticator+ Key Features:

  • Support for various authentication methods
  • Browser-based user-friendly interface
  • Standardized authentication across platforms
  • Configurable for all or selected users
  • Support for virtual addressing

CSP – Compliance at your Fingertips ®

 

For complimentary access to CSP-Wiki®, an extensive repository of NonStop security knowledge and best practices, please visit wiki.cspsecurity.com

We Built the Wiki for NonStop Security ®

The CSP Team

+1 (905) 568-8900