Kaseya VSA Attack

Released: Jul 05, 2021


Critical Severity


Exploited by REvil Ransomware

This report focuses on the Kaseya vulnerability itself; a separate, dedicated report is available for the REvil ransomware that exploits this vulnerability. The Kaseya VSA product is the victim of a sophisticated cyberattack that caused many of its customers to be infected with ransomware. On July 2, the SaaS version was temporarily shut down, and Kaseya warned all its customers to immediately stop using the on-premise version until a patch is available. Nearly 40 of its MSP customers, who themselves manage hundreds or thousands of businesses, were reported hacked (https://www.nbcnews.com/tech/security/ransomware-attack-software-manager-hits-200-companies-rcna1338).

Common Vulnerabilities and Exposures


Latest Development

Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.


The US-CERT guidance is published at:
https://us-cert.cisa.gov/ncas/current-activity/2021/07/04/cisa-fbi-guidance-msps-and-their-customers-affected-kaseya-vsa


Kaseya has released patches for their VSA server. Kaseya has released a Compromise Detection Tool, which can be downloaded at the following link:
https://kaseya.app.box.com/s/p9b712dcwfsnhuq2jmx31ibsuef6xict
More incident details have been provided at:
https://helpdesk.kaseya.com/hc/en-gb/articles/4403584098961
The VSA on-premise runbook is provided at:
https://helpdesk.kaseya.com/hc/en-gb/articles/4403709150993
The VSA SaaS runbook is provided at:
https://helpdesk.kaseya.com/hc/en-gb/articles/4403709476369
July 11: Kaseya released the final patch for VSA on-premise deployments and started upgrading SaaS instances.

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.


PROTECT
  • Vulnerability

  • IPS

DETECT
  • Outbreak Detection

  • Threat Hunting

RESPOND
  • Assisted Response Services

  • Automated Response

RECOVER
  • NOC/SOC Training

  • End-User Training

IDENTIFY
  • Attack Surface Hardening

Threat Intelligence

Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.