USA Computer Services Blog

USA Computer Services has been serving small and medium-sized businesses since 2012, providing IT support such as technical helpdesk support, computer support and consulting.

Zero-Day Vulnerability Causes Major Problems for IT Providers


Let’s dive into the details and see what can be learned from this ransomware attack.

What is Kaseya?

Kaseya is a software vendor that works closely with managed service providers (MSPs) to provide IT solutions. The software designed by Kaseya is meant to be used by managed service providers and large enterprises to manage and support technology across multiple networks. As reported by ZDNet, at least 40,000 companies worldwide use at least one tool created by Kaseya.

The attack in question leveraged a vulnerability in Kaseya’s VSA service, a remote monitoring and management (RMM) tool.

Since Kaseya plays such a key role in connecting IT companies to the businesses that they support, it should come as no surprise that such a ransomware attack could have profound effects on both the MSP service industry and the countless businesses that are supported by them. If your IT provider happened to use this particular software, there is a good chance that you were unlucky enough to become a victim of this attack, especially if other countermeasures weren’t in place.

The Attack’s Timeline

To give you an idea of how this attack has progressed, let’s take a look at the timeline, as it was reported by ZDNet:

  • July 2, 2021: Kaseya CEO Fred Voccola announced that the company experienced an attack against the VSA that was limited to “a small number of on-premise customers.” Voccola also urged users of the VSA service to disconnect all servers hosting the solution in an effort to prevent further infections. Kaseya informed those potentially affected by the attack, as well as shut down their own SaaS servers as a safety precaution.
  • July 3, 2021: Kaseya released a Compromise Detection Tool to help customers determine whether they had been compromised by the ransomware. The tool analyzes an endpoint or server for any indication of compromise on the system.
  • July 4, 2021: Kaseya declared that they had become a “victim of a sophisticated cyberattack,” and brought in external security experts, including Mandiant, to aid in learning more about the attack and resolving the issue.
  • July 5, 2021: Kaseya issued the following update: "We are developing the new patch for on-premises clients in parallel with the SaaS Data Center restoration. We are deploying in SaaS first as we control every aspect of that environment. Once that has begun, we will publish the schedule for distributing the patch for on-premises customers."

The attack itself is thought to have been delivered via an automated malicious software update, bypassing authentication and executing commands remotely. More information on this attack can be found in Kaseya’s briefing on the incident.

The Takeaway

Since this particular issue was caused by a zero-day vulnerability (a previously unknown vulnerability) in a provider’s systems, it is hard to fault anyone in particular for this hack. It does, however, reinforce the importance of monitoring your systems for irregularities, as this attack was only uncovered as a result of such monitoring. Imagine the damage this threat could have caused had it remained undiscovered for an extended period of time. It just goes to show that even businesses that do everything right can still become victims of ransomware attacks.

There are countermeasures to prevent ransomware attacks and restorative measures to get back in business after one, but if a company that fell victim to this attack didn’t have them in place, things probably aren’t looking very good.

We can’t stress enough that it is critical to have a solid backup solution in place that is regularly tested and reviewed. It’s also a good idea to have your network hardened and evaluated at least once a year to help it withstand ransomware attacks and other threats. Even if you just need a second opinion, we’re happy to help.

You should therefore always take preventative measures to mitigate the risk of ransomware as much as possible. We can help your business keep itself safe from threats of all kinds. To learn more, reach out to us at (704) 665-1619.
