Published on July 3rd, 2021 📆 | 1963 Views ⚑
0Technology Provider Kaseya Warns of Cyberattack
Kaseya Ltd. warned Friday afternoon that a key software tool used by companies to manage technology at other businesses may have been the target of a cyberattack.
Kaseya advised customers to shut their copies of its VSA platform immediately. VSA is used to monitor networks and automate technology maintenance tasks, such as patching and backing up information.
The tool is used by managed service providers, which typically handle technology for dozens of smaller companies that may not have resources to staff in-house technology teams. Corporate and government tech groups also use the tool.
âItâs critical that you do this immediately, because one of the first things the attacker does is shut off administrative access to the VSA,â Kaseya warned in a notice posted to its support website.
A spokeswoman said Kaseya wasnât the victim of a ransomware attack and that it was investigating âpotential attacks on our VSA customers who have the software on-premise.â The company has shut down its cloud services out of caution, she said.
Incident response companies, including Huntress Labs Inc., said they were working with multiple service providers that had been affected by the attack in the U.S. and abroad.
Huntress has seen proof that once a service provider is infected via VSA, ransomware then spreads to client systems, said John Hammond, a senior security researcher with the company.
At least three managed service providers Huntress works with are affected, with around 200 businesses subsequently encrypted by ransomware, he said, adding that he has seen ransom demands of up to $5 million.
Ransomware gangs often launch attacks on Friday afternoons and before holiday weekends, when staff are likely to be out of the office and security teams minimally staffed, according to security experts.
They have long expressed concern that hacks of managed services providers or their supply chains could have a cascade effect, allowing hackers to infect dozens or more companies through a breach of one provider.
A hack in December of a file transfer tool of tech provider Accellion Inc. rippled to organizations in several countries, including New Zealandâs central bank, conglomerate
Singapore Telecommunications Ltd.
and U.S. law firm Jones Day.
Customers of software provider
SolarWinds Inc.
began unknowingly installing malware in Spring 2020 through seemingly routine updates to a network-management tool. U.S. officials blame Russian hackers for the attack that has reached into dozens of businesses and government agencies. Russia has denied involvement.
The Cybersecurity and Infrastructure Security Agency, part of the U.S. Department of Homeland Security, said in an alert published late Friday that it was âtaking action to understand and addressâ the attack on Kaseyaâs VSA platform. A spokesman for the agency didnât immediately respond to a request for comment on whether it was working directly with Kaseya.
Write to James Rundle at james.rundle@wsj.com
Copyright Š2020 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8
Gloss