Unresolved bug in the heart of REvil’s Ransomware Spree

On April 1, researchers at the Dutch Institute for Vulnerability Disclosure (DIVD) were the first to identify seven vulnerabilities (all of which were easy to spot, some of which could be catastrophic) in an IT management product known as the Virtual System Administrator. As of April 6, 2,200 vulnerable systems had been found, and the findings were handed over to Kaseya, the company behind VSA. Kaseya patched four of those seven in the days and weeks that followed, but three remained. What happened next was one of the most significant ransomware attacks in history.

On July 2, a few days before the 90-day disclosure deadline that DIVD had given Kaseya would run out, the REvil ransomware gang exploited one of the remaining VSA vulnerabilities along with an additional flaw, eventually spreading the malware to 1,500 companies and organizations around the world. Kaseya had not entirely neglected these other bugs. It continued to work with the Dutch researchers on fixes, just not quickly enough to avoid the worst.

“I really think they were making the best effort,” says DIVD head Victor Gevers. “They published job listings, hired new security specialists, hired outside security companies, reviewed the source code, checked their perimeters, really worked on the security attitude. But there was a lot at the same time.”

A Kaseya spokesperson declined to comment for this story, citing the company's ongoing investigation. Since July 2, however, the company has said repeatedly that it is preparing to release the remaining patches. Almost a week after the initial attack, those fixes have still not shipped.

This does not mean that Kaseya has been inactive in response to the attack. The company quickly shut down its cloud offering as a precaution, and to limit the fallout it urgently began pressing customers who run “on-premises” VSA servers to do the same. The number of publicly accessible VSA servers has dropped from approximately 1,500 on July 2 to fewer than 140 on July 4 and 60 as of today.

But while fewer exposed systems certainly keeps the attack from growing, it does not help victims whose systems are already locked.

“Kaseya has had the opportunity over the years to address the low-hanging-fruit weaknesses in a way that has allowed REvil to savor its customers in a general way,” says Katie Moussouris, founder of Luta Security and a long-time vulnerability researcher.

Moussouris says that vulnerability programs like the ones offered by Kaseya are valuable tools for companies that want to strengthen their digital security. But these programs alone cannot provide a proper defense if the company does not invest in its own internal security and staff.

“We can’t deal with outreach against ransomware at the same time,” Moussouris says.

Many companies are far less responsive than Kaseya was in collaborating on vulnerability patches. But service providers that use Kaseya’s software are valuable targets for ransomware attacks; Kaseya itself tried to raise awareness of the issue in 2019. The longer Kaseya took to fix the flaws, especially given how easy they were to find, the more likely it became that someone else would find them.

The effects of Kaseya’s slip are still playing out. REvil says it has encrypted more than a million systems as part of the attack, but the hackers appear to be having a hard time actually coaxing payments out of victims. The group demanded ransoms in the thousands of dollars from many individual targets, but said it would also unlock the entire attack for $70 million. It then dropped that blanket ransom demand to $50 million. The group’s portals have also been disrupted.
