This vulnerability has been issued CVE-2021-30116 and was discovered and reported to Kaseya by a researcher for the Dutch Institute for Vulnerability Disclosure (DIVD). At the time of this blog, 1,500 downstream customers of these MSPs have been infected with ransomware. Instead, the attackers found and leveraged an unpatched zero-day vulnerability in Kaseya's VSA software. It was initially thought that Kaseya might have been compromised themselves as a root cause - similar to the compromises associated with SolarWinds software in December of 2020. The attack leveraged the on-premises servers deployed by IT Management Software vendor Kaseya. On, July 2 nd, a massive ransomware attack was launched against roughly 60 managed services providers (MSPs) by criminals associated with the REvil ransomware-as-a-service (RaaS) group.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |