[ad_1]
Great chain performed Friday took nearly hundreds of thousands of businesses around the world with redemption, including railways, medical chains, and hundreds of Swedish stores of Coop grocery stores. Condemned by the notorious Russian terrorist group REvil, the attack is a momentous event, in addition to dipo and the so-called selling chains. Now, it is clear how he got rid of it.
More is known from Friday afternoon. In an effort to spread its liberation to more nations, the rebels found a threat in the methods used by Kaseya IT Company. The company develops software that is used to manage businesses and marketing tools, and then sells these tools to other companies called “service providers.” MSPs, too, are affiliated with small and medium enterprises or any organization that does not want to oversee its IT infrastructure. By planting its ransom seed using Kaseya’s reliable methods, the fighters are able to pass on Kaseya’s MSP weapons and see the fall regime as the MSPs distribute a confidential program to their clients.
But by Sunday, security investigators had described in detail the attackers had found and used the opportunity they had at first.
“The interesting thing about this is that REvil has always used reliable software to achieve his goals. Rewards players often need several challenges at different levels to do this or time on the network to unlock passwords,” says Sophos chief researcher Sean Gallagher. Sophos published new related to Sunday’s attack. “This is part of what the eagles look like.”
Exercise
The plot relies on the use of initial risk on Kaseya’s transition machines in their remote monitoring and management called VSA. It is not known if the militants used the full threat until the end of the Kaseya system. What seems to be possible is that they used VSA servers that are monitored by MSPs and pushed the negative “changes” from there to the MSP clients. Evil seems to have met the demands of the ransom – and even some of their own means of rebellion – based on the goal, instead of doing anything similar.
The timing of the attack was particularly tragic because security forces had already identified the problem posed by Kaseya’s transformation. Wietse Boonstra of the Dutch Institute for Vulnerability Disclosure was working with Kaseya to design and test patches for wrong. The preparations were about to be released, but had not yet been sent by the time Revil started.
“We’ve done everything we can and Kaseya has done everything he can,” said Victor Gevers, a researcher from the Dutch Institute for Vulnerability Disclosure. “It’s hard to find easily, I think. That’s the main reason the attackers won the race again.”
The attackers took advantage of the risk of distributing malicious payments to vulnerable VSA servers. But that means they also hit, in addition, the VSA server functions running on Windows client MSPs. VSA “working folders” often act as a trustworthy platform in the machine, which means that malware and other security devices are instructed to ignore everything they do – providing privacy to intruders.
When in doubt, the malware introduced a number of laws to hide the malware from Microsoft Defender, a malware download tool built into Windows. Finally, the malware program recommended Kesaya’s modification to use Microsoft’s official but durable and obsolete “Antimalware Service”. The attackers could change the old version to “save” the bad code, slipping on Windows Defender as Luke Skywalker could pass the Stormtroopers if he put on his armor. From then on, the malware started hiding files on the victim’s machine. It even took other methods to make it harder for victims to recover from data storage.
[ad_2]
Source link
