The hackers, who a few weeks ago largely paralyzed the world’s largest meat company JBS, immediately attacked hundreds of companies in a new wave of attacks. They used a vulnerability in software from the IT service provider Kaseya to attack its customers with blackmail software. As Kaseya announced on Saturday night, less than 40 customers are affected according to current knowledge.
Remote access and maintenance software VSA
The damage could have been far greater: Kaseya has a total of more than 36,000 customers. With the help of the remote access and maintenance software VSA from Kaseya, companies distribute software updates in their networks. An intrusion into the VSA software can open many doors for the attacker at once. Kaseya stopped its cloud service on Friday and warned customers to shut down locally running VSA systems immediately. According to the company, customers of the cloud service were never in danger – all of the companies concerned used VSA installations.
Kaseya is confident that it has found the vulnerability if it wants to close it soon and restart the systems after a security test, it said. IT security experts assigned the attack to the REvil hacker group, which was also behind the JBS attack.
Kaseya software used for attacks as early as 2019
Attacks with blackmail software had recently made repeated headlines. Just before the JBS case, an attack of this type halted the operation of one of the largest gasoline pipelines in the United States and temporarily cut fuel supplies in the country. It brings money for the hackers: JBS paid the attackers the equivalent of eleven million dollars in crypto currencies, the pipeline operator Colonial paid 4.4 million dollars. However, a little later, investigators were able to confiscate a good half of the colonial ransom.
Kaseya’s software was used for attacks as early as 2019. And: within a few months, this Kaseya vulnerability is the second known attack in which cybercriminals were able to penetrate customers’ systems via an IT service provider. Using maintenance software from Solarwinds, attackers were believed to have entered the computer networks of US government agencies, including those of the Department of Finance and Energy, for espionage purposes.