Kaseya VSA Attack
Exploited by REvil Ransomware
This report focuses on the Kaseya vulnerability itself; a separate, dedicated report is available for the REvil ransomware that exploits this vulnerability. The Kaseya VSA product is the victim of a sophisticated cyberattack that has caused many of its customers to be infected with ransomware. On July 2, the SaaS version was temporarily shut down, and Kaseya warned all its customers to immediately stop using the on-premise version until a patch is available. Nearly 40 of its MSP customers were reported hacked; these MSPs themselves manage hundreds or thousands of businesses.
https://www.nbcnews.com/tech/security/ransomware-attack-software-manager-hits-200-companies-rcna1338
Common Vulnerabilities and Exposures
Background
The US-CERT guidance is published at: https://us-cert.cisa.gov/ncas/current-activity/2021/07/04/cisa-fbi-guidance-msps-and-their-customers-affected-kaseya-vsa
Threat Radar Overall Score: 3.4
CVSS Rating | 9.0
FortiRecon Score | 90/100
Known Exploited | Yes
Exploit Prediction Score | 88.54%
FortiGuard Telemetry | 2
Latest Development
Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.
The US-CERT guidance is published at:
https://us-cert.cisa.gov/ncas/current-activity/2021/07/04/cisa-fbi-guidance-msps-and-their-customers-affected-kaseya-vsa
Kaseya has released patches for their VSA server. Kaseya has released a Compromise Detection Tool, which can be downloaded at the following link:
https://kaseya.app.box.com/s/p9b712dcwfsnhuq2jmx31ibsuef6xict
More incident details have been provided at:
https://helpdesk.kaseya.com/hc/en-gb/articles/4403584098961
The VSA on-premise runbook is provided at:
https://helpdesk.kaseya.com/hc/en-gb/articles/4403709150993
The VSA SaaS runbook is provided at:
https://helpdesk.kaseya.com/hc/en-gb/articles/4403709476369
July 11: Kaseya released the final patch for VSA on-premise deployments and started upgrading SaaS instances.
FortiGuard Cybersecurity Framework
Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.
- Vulnerability
- IPS
- Outbreak Detection
- Threat Hunting
- Assisted Response Services
- Automated Response
- NOC/SOC Training
- End-User Training
- Attack Surface Hardening
Vulnerability: Detects vulnerable instances of Kaseya VSA running on Windows Server.
IPS: Prevents the vulnerability on VSA on-premise instances from being exploited.
Outbreak Detection
Threat Hunting
Assisted Response Services: Experts to assist you with analysis, containment and response activities.
Automated Response: Services that can automatically respond to this outbreak.
NOC/SOC Training: Train your network and security professionals and optimize your incident response to stay on top of cyberattacks.
End-User Training: Raise security awareness among your employees, who are continuously targeted by phishing, drive-by downloads and other forms of cyberattack.
Attack Surface Hardening: Check Security Fabric devices to build actionable configuration recommendations and key indicators.
Threat Intelligence
Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.
References
Sources of information in support and relation to this Outbreak and vendor.