REvil uses Kaseya VSA supply chain exploit to attack hundreds of businesses.

Overall Attack Pathway:

Kaseya has stated that the attack started around 14:00 EDT/18:00 UTC on Friday, July 2, 2021 and they are investigating the incident.

Who Should Be Worried:

• Malaysian IT System Integrators that provide Remote IT Support using Kaseya’s software.
• End Users (Customers) who are using an MSP (Vendor) that uses Kaseya’s software to provide Remote IT Support.

How we Mitigate it:
Our expert team of engineers has been using the powerful capabilities of iNSIGHTNOW to search for indicators of compromise of Kaseya VSA in our customers’ network by identifying and hunting for this vulnerability. Thus, protecting them by automatically removing the software and/or getting a patch for it. Hence, preventing the attack before it is ever launched.

What is iNSIGHTNOW?
To effectively detect and mitigate zero-day attacks, a coordinated defense is needed — one that includes both prevention technology and a thorough response plan in the event of an attack. Organizations can prepare for these stealthy and damaging events by subscribing to a Managed Security Service like iNSIGHTNOW which is delivered by an expert team of engineers.

Organizations are backed by an elite team that take targeted actions to neutralize even the most sophisticated threats within the agreed Service Level Agreement (SLA). This includes:

• Monitoring your Network 24 x 7
• Threat Hunting via Queries Execution (regularly)
• Responding to Detected Threats

Threat Notification Isn’t the Solution – It’s a Starting Point.

Learn More: https://www2.internetnow.com.my/insightnow-managed-security-services/