Background of Attack:
Russia-based REvil criminal gang carried out a combination of ransomware and a so-called supply chain attack. It appears that the attackers used a Zero-Day Vulnerability to remotely access internet-facing Kaseya VSA Servers. As Kaseya VSA is primarily used by Managed Service Providers (MSPs), this approach gave the attackers privileged access to the devices of the MSP’s customers by seeding its ransomware using Kaseya’s trusted distribution mechanism – giving REvil front row seats to watch the dominos fall. Read More
Overall Attack Pathway:
Kaseya has stated that the attack started around 14:00 EDT/18:00 UTC on Friday, July 2, 2021 and they are investigating the incident.
Who Should Be Worried:
- Malaysian IT System Integrators that provide Remote IT Support using Kaseya’s software.
- End Users (Customers) who are using an MSP (Vendor) that uses Kaseya’s software to provide Remote IT Support.
How we Mitigate it:
Our expert team of engineers has been using the powerful capabilities of iNSIGHTNOW to search for indicators of compromise of Kaseya VSA in our customers’ network by identifying and hunting for this vulnerability. Thus, protecting them by automatically removing the software and/or getting a patch for it. Hence, preventing the attack before it is ever launched.
What is iNSIGHTNOW?
To effectively detect and mitigate zero-day attacks, a coordinated defense is needed — one that includes both prevention technology and a thorough response plan in the event of an attack. Organizations can prepare for these stealthy and damaging events by subscribing to a Managed Security Service like iNSIGHTNOW which is delivered by an expert team of engineers.
Organizations are backed by an elite team that take targeted actions to neutralize even the most sophisticated threats within the agreed Service Level Agreement (SLA). This includes:
- Monitoring your Network 24 x 7
- Threat Hunting via Queries Execution (regularly)
- Responding to Detected Threats
Threat Notification Isn’t the Solution – It’s a Starting Point.
Learn More: https://www2.internetnow.com.my/insightnow-managed-security-services/