Kaseya VSA Software Compromised By Ransomware

Kaseya VSA is a piece of software widely used around the world (and in NZ) to manage IT resources in small-to-medium businesses. Now it appears <https://www.rnz.co.nz/news/national/446162/new-zealand-may-be-caught-up-in-massive-global-hack-tech-expert> this software has been subverted as a weapon, likely by the notorious Russia-based “REvil” gang, to hold data to ransom across a range of organizations worldwide. This evening’s TV1 news mentions a Cambridge school <https://www.tvnz.co.nz/one-news/new-zealand/cambridge-school-among-businesses-affected-global-cyber-attack> among other victims in NZ.

I wrote:
This evening’s TV1 news mentions a Cambridge school <https://www.tvnz.co.nz/one-news/new-zealand/cambridge-school-among-businesses-affected-global-cyber-attack> among other victims in NZ.
The Ministry of Ed says 11 schools in NZ have been hit <https://www.nzherald.co.nz/nz/worldwide-ransomware-attack-st-peters-college-and-10-other-schools-hit-by-us-cyber-attack/JACHAD3OPGUOF7ZIF4PJXDPICA/?ref=readmore>. The impact has been felt worldwide <https://www.nzherald.co.nz/world/scale-details-of-massive-kaseya-ransomware-attack-emerge/KWI34JA7GV6U3VHU4X66ZCXT6M/>, seemingly the biggest single customer being a Swedish grocery chain with 800 stores. Just to be clear, this wasn’t a phishing attack: it exploited a vulnerability in a tool widely used by a range of small-to-medium customers to keep their systems secure, turning it into a massive security hole into those very systems.

I wrote:
Kaseya VSA ... has been subverted ... to hold data to ransom across a range of organizations worldwide.
Apparently over 100 kindergartens <https://www.nzherald.co.nz/nz/kindergartens-switch-to-pen-and-paper-after-global-kaseya-ransomware-attack/MQ7SCXSMFIBKCSVWRAXYN3MYZ4/> have been told to switch off their computers and revert to pencil and paper for now, until it is determined how badly (or if at all) they have been affected.

Kaseya is saying <https://www.theregister.com/2021/07/06/kaseya_update/> that it has found no evidence of compromise within its internal systems. So the breach was down to a simple bug which was exploited within its customers’ and resellers’ deployments.

According to this <https://www.tvnz.co.nz/one-news/new-zealand/further-risk-schools-caught-in-global-cyberattack-isolated-hipkins> update, the Ministry of Education identified 11 schools in NZ which use the Kaseya product, and might have been impacted. Two definitely were, but they are taking action and have seen “no evidence of data loss at this stage”. Two others said they have not used the software for some time, so have not suffered any trouble. The rest have seen no evidence of impact, but have shut down their use of the software as a precautionary measure.
Lawrence D'Oliveiro