Kaseya VSA products are being actively targeted in a REvil ransomware supply-chain attack
RISK: Extremely High Risk
TYPE: Servers - Other Servers
On July 2, Kaseya's VSA remote monitoring and management platform is being actively attacked by REvil ransomware actors (attackers), who are conducting a supply-chain attack targeting multiple Managed Service Providers (MSPs) and their customers.
Kaseya is used by multiple MSPs; the affected organisations are being contacted by Kaseya directly.
Incident Summary:
- The REvil ransomware gang appears to have gained unauthorised access to the infrastructure of Kaseya.
- This access enabled them to deploy a malicious update to Kaseya's VSA servers.
- The malicious update was used to install the REvil ransomware from the VSA Server to all connected computers.
- It is reported that some of the victims received demands for $5 million in ransom. A retailer in Sweden was forced to close at least 800 stores due to the attack.
- Kaseya developed a compromise detection tool and is working on the security patch.
[Updated 12-July-2021] Security updates have been released to address CVE-2021-30116, CVE-2021-30119 and CVE-2021-30120 vulnerabilities.
Impact
- Cross-Site Scripting
- Denial of Service
- Security Restriction Bypass
- Information Disclosure
System / Technologies affected
Kaseya VSA Products
- On-Premises Servers
- SaaS
Solutions
Before installing the software, please visit the vendor website for more details.
Apply fixes issued by the vendor:
https://helpdesk.kaseya.com/hc/en-gb/articles/4403785889041
Vulnerability Identifier
Source
Related Link
- https://helpdesk.kaseya.com/hc/en-gb/articles/4403785889041
- https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689
- https://us-cert.cisa.gov/ncas/current-activity/2021/07/04/cisa-fbi-guidance-msps-and-their-customers-affected-kaseya-vsa
- https://therecord.media/kaseya-zero-day-involved-in-ransomware-attack-patches-coming/