Tech provider Kaseya warns of cyber attack

Kaseya Ltd. warned Friday afternoon that a key software tool used by companies to manage technology at other companies could have been the target of a cyberattack.

Kaseya advised clients to shut down their copies of its VSA platform immediately. VSA is used to monitor networks and automate technology maintenance tasks, such as patching and backing up information.

At least three technology service providers using Kaseya’s VSA tool have been compromised, with around 200 of its business customers subsequently encrypted by ransomware, according to incident response company Huntress Ltd.

The tool is widely used by managed service providers, which typically manage technology for dozens of smaller businesses that may not have the resources to staff internal technology teams. Corporate and government tech groups also use the tool.

Disabling the VSA is critical, Kaseya warned in a notice on its support website, “because one of the first things an attacker does is shut down administrative access to the VSA.”

The Cybersecurity and Infrastructure Security Agency, part of the US Department of Homeland Security, said in an alert late Friday that it was “taking steps to understand and address” the attack on Kaseya’s VSA platform. A spokesperson for the agency did not immediately respond to a request for comment.

A spokeswoman said Kaseya was not the victim of a ransomware attack and was investigating “possible attacks on our VSA customers who have the software on premises.” The Dublin-based company has shut down its cloud services as a precaution, she said.

Incident response companies, including Huntress, said they were working with several service providers that had been affected by the attack in the United States and abroad.

John Hammond, a senior security researcher at Huntress, has seen evidence that once a service provider is infected via the VSA, the ransomware spreads to client systems. Hammond said he has seen ransom demands of up to $5 million.

Ransomware gangs often launch attacks on Friday afternoons and before holidays, when staff are likely to be out of the office and security teams are minimally staffed, according to security experts.

They have long expressed concern that attacks on managed service providers or their supply chains could have a cascading effect, allowing hackers to infect dozens or more companies through the breach of one provider.

A December hack of a file transfer tool from technology provider Accellion Inc. spread to organizations in several countries, including New Zealand’s central bank, Singapore’s telecommunications conglomerate and the US law firm Jones Day.

Customers of software provider SolarWinds Inc. unknowingly started installing malware in the spring of 2020 through seemingly routine updates to a network management tool. US officials blame Russian hackers for the attack, which has hit dozens of companies and government agencies. Russia has denied its participation.

Write to James Rundle at [email protected]

Copyright © 2020 Dow Jones & Company, Inc. All rights reserved.
