New Ransomware Tsunami Hits Hundreds of Companies

It was probably inevitable that the major threats to modern security, supply chain attacks and ransomware, would combine to cause destruction. This is what happened on Friday afternoon, when the well-known REvil group encrypted the files of hundreds of businesses in one swoop, apparently as a result of a compromised IT monitoring program. And that is just the beginning.
The situation is still developing and some details, most of all how the attackers compromised the program in the first place, are unknown. But the consequences are already catastrophic, and the magnitude of the situation is growing. The program in question, Kaseya VSA, is popular among so-called managed service providers (MSPs), which provide IT infrastructure for companies that would prefer to outsource it rather than run it on their own. Which means that if you can break into an MSP, you suddenly have access to its clients. That’s the difference between breaking into one box at a time and stealing the keys to the bank.
So far, according to security company Huntress, REvil has compromised eight MSPs. The three that Huntress works with directly account for 200 businesses that found their data encrypted on Friday. It doesn’t take much to see how much worse it gets from there, especially given Kaseya’s widespread presence.
“Kaseya is a Coca-Cola remote control,” said Jake Williams, chief technology officer at BreachQuest. “Because we are heading towards the end of the holidays, we do not know how many people live out there until Tuesday or Wednesday next week. But it is very important.”
Worst Worldwide
MSPs have long been a known target, especially for international attackers. Hitting them is a dangerously effective line of attack, if you can manage it. As a Department of Justice indictment showed in 2018, Chinese APT10 spies used MSP compromises to steal hundreds of gigabytes of data from many companies. REvil has also targeted MSPs before, using its access to a third-party IT company to hit 22 Texas municipalities at the same time in 2019.
Supply chain attacks have also become more frequent, most notably the devastating SolarWinds campaign last year, which gave Russia access to a number of US agencies as well as many others. As with MSP attacks, supply chain hacks also have a multiplier effect; compromising just one program can yield hundreds of victims.
You can start to see, then, why supply chain attacks targeting MSPs have such multiplied consequences. Throw ransomware into the mix, and things get even messier. It brings to mind the NotPetya attack, which also used a supply chain compromise to spread what at first seemed to be ransomware but was really an attack by Russia. A more recent Russian campaign also comes to mind.
“This is SolarWinds, but it’s a redemption,” said Brett Callow, a security analyst at antivirus company Emsisoft. “If one MSP is compromised, it can affect hundreds of users. In this case, it seems that several MSPs are compromised, so…”
BreachQuest’s Williams says REvil appears to be asking victim companies for about $45,000 in the cryptocurrency Monero. If they fail to pay within a week, the demand increases. Security news site BleepingComputer reports that REvil has asked other victims for $5 million for a decryption key that unlocks “all PCs of your locked network,” which may be aimed at MSPs specifically rather than their customers.
“We often talk about MSPs being a big ship for small and medium-sized businesses,” said John Hammond, senior security researcher at Huntress. “But if Kaseya is a well-known figure, the criminals have ruined all their ships.”



