Credit: Dreamstime
More than 1000 businesses from around the world have reportedly been impacted in a supply-chain attack where hackers exploited a vulnerability in a remote computer management tool called Kaseya VSA to deploy the REvil ransomware.
Kaseya shut down its cloud-based service and urged all users with on-premises deployments, which includes many managed services providers (MSPs), to immediately shut down their vulnerable servers until a patch is released.
This is not the first time cyber criminals and ransomware gangs have targeted MSPs as an easy way to gain access into corporate networks. Defending against this attack vector is not easy for many organisations since outsourcing IT administration means giving MSPs highly privileged access into their networks and systems.
The Kaseya VSA attack impact
The attack targeting Kaseya VSA servers started around midday on Friday in the US. It's possible this was timed intentionally ahead of a major holiday weekend because attackers hoped security teams would be slower to respond.
"Only a very small percentage of our customers were affected—currently estimated at fewer than 40 worldwide," Kaseya said in an advisory. "We believe that we have identified the source of the vulnerability and are preparing a patch to mitigate it for our on-premises customers that will be tested thoroughly. We will release that patch as quickly as possible to get our customers back up and running."
The company also shut down the SaaS version of VSA but noted cu ..
Support the originator by clicking the read the rest link below.
