
Eugene

(62,626 posts)
Tue Jul 13, 2021, 10:39 AM

Kaseya, firm hacked to spread ransomware, had previous security flaws

Source: Associated Press

Firm hacked to spread ransomware had previous security flaws

By MATT O'BRIEN
July 13, 2021

For 21 years, the software company Kaseya labored in relative obscurity — at least until cybercriminals exploited it in early July for a massive ransomware attack that snarled businesses around the world and escalated U.S.-Russia diplomatic tensions.

But it turns out that the recent hack wasn’t the first major cybersecurity problem to hit the Miami-based company and its core product, which IT teams use to remotely monitor and administer workplace computer systems and other devices.

“It feels a little like déjà vu,” said Allie Mellen, a security analyst at Forrester Research.

In 2018, for instance, hackers managed to infiltrate Kaseya’s tool in 2018 to run a “cryptojacking” operation, which channels the power of afflicted computers to mine cryptocurrency — often without its victims noticing. It was a less harmful breach than the recent ransomware attack, which was impossible to miss since it crippled affected systems until their owners paid up. But it similarly relied on Kaseya’s Virtual System Administrator product, or VSA, as a vehicle to get access to the companies that rely on it.

A 2019 ransomware attack also rode into computers through another company’s add-on software component to the Kaseya VSA, causing more limited damage than the recent attack. Some experts have tied that earlier assault to some of the same hackers who later formed REvil, the Russian-language syndicate blamed for the latest attack.

-snip-


Read more: https://apnews.com/article/europe-business-technology-hacking-db3e5f615629bb225259efaf7fdf378c