Targeting the Kaseya VSA Vulnerability
A recent high profile exploit involing Kaseya VSA product was linked to the REvil ransomware. This report summarizes the Fortinet Security Fabric coverage for the REvil ransomware itself. Refer to the separate report for more detail about the Kaseya vulnerability. Learn More »
Common Vulnerabilities and Exposures
CVE-2021-30116
CVE-2021-30119
CVE-2021-30110
CVE-2019-19781
CVE-2019-11510
CVE-2019-11539
CVE-2018-13379
Background
Kaseya is a high profile outbreak, with information still pending to be released regarding the initial vulnerability that was compromised. REvil is a known ransomware group/family that has been used in the past, and is part of existing security coverage by multiple Fortinet security products. Recently, it has been used by attackers targeting the high profile Kaseya VSA vulnerability, to demand ransom from many global organizations including MSPs who represent many hundred or thousand customers underneath. This report focusses specifcally on the REvil ransomware protection and IOC detections by the Security Fabric products.
Latest Development
Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.
July 5: REvil ransomware gang takes credit for the Kaseya attack -
https://gizmodo.com/revil-gang-takes-credit-for-massive-kaseya-attack-and-a-1847232663
Refer to the Kaseya timeline for the latest status of the on-premise patch and restoration of their SaaS service:
https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689
FortiGuard Cybersecurity Framework
Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.
-
AV
-
AV (Pre-filter)
-
Behavior Detection
-
Post-execution
-
Outbreak Detection
-
IOC
-
Threat Hunting
-
Assisted Response Services
-
Automated Response
-
NOC/SOC Training
-
End-User Training
-
Attack Surface Hardening
Threat Intelligence
Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.
Loading ...
References
Sources of information in support and relation to this Outbreak and vendor.