Zero-Day Vulnerability Causes Major Problems for IT Providers

A new ransomware attack has surfaced, this time mostly targeting IT companies and their clients. The attack specifically targets the Kaseya platform, management software that many IT companies use to remotely manage and support technology. It struck Kaseya’s supply chain through a vulnerability in its VSA software, and it is notable for how it used that supply chain: it hit not only the vendor’s clients (notably IT companies) but also their customers. This trickle-down effect is causing widespread chaos for a massive number of businesses.

Let’s dive into the details and see what can be learned from this ransomware attack.

What is Kaseya?

Kaseya is a software vendor that works closely with managed service providers (MSPs) to provide IT solutions. The software designed by Kaseya is meant to be used by managed service providers and large enterprises to manage and support technology across multiple networks. As reported by ZDNet, at least 40,000 companies worldwide use at least one tool created by Kaseya.

The attack in question leveraged a vulnerability in Kaseya’s VSA service, a remote monitoring and management tool.

Since Kaseya plays such a key role in connecting IT companies to the businesses that they support, it should come as no surprise that such a ransomware attack could have profound effects on both the MSP service industry and the countless businesses that are supported by them. If your IT provider happened to use this particular software, there is a good chance that you were unlucky enough to become a victim of this attack, especially if other countermeasures weren’t in place.

The Attack’s Timeline

To give you an idea of how this attack has progressed, let’s take a look at the timeline, as it was reported by ZDNet:

  • July 2, 2021: Kaseya CEO Fred Voccola announced that the company experienced an attack against the VSA that was limited to “a small number of on-premise customers.” Voccola also urged users of the VSA service to disconnect all servers hosting the solution in an effort to prevent further infections. Kaseya informed those potentially affected by the attack, as well as shut down their own SaaS servers as a safety precaution.
  • July 3, 2021: Kaseya released a Compromise Detection Tool to help customers determine if they have been compromised by the ransomware or not. The tool analyzes the endpoint or server to see if there is any indication of compromise on the system.
  • July 4, 2021: Kaseya declared that they had become a “victim of a sophisticated cyberattack,” and brought in external security experts, including Mandiant, to aid in learning more about the attack and resolving the issue.
  • July 5, 2021: Kaseya issued the following update: "We are developing the new patch for on-premises clients in parallel with the SaaS Data Center restoration. We are deploying in SaaS first as we control every aspect of that environment. Once that has begun, we will publish the schedule for distributing the patch for on-premises customers."

The attack itself is thought to have been delivered via an automated malicious software update, bypassing authentication and executing commands remotely. More information on this attack can be found in Kaseya’s briefing on the incident.

The Takeaway

Since this particular issue was caused by a zero-day vulnerability (a previously unknown vulnerability) in a provider’s systems, it is hard to fault anyone in particular for this hack. It does, however, further reinforce the importance of monitoring your systems for irregularities, as this attack was only uncovered as a result of such monitoring. Imagine the damage this threat could have caused had it remained undiscovered for an extended period of time. It just goes to show that even businesses that do everything right can still become victims of ransomware attacks.

While there are countermeasures to prevent ransomware attacks and restorative measures to get back in business after being attacked, if these measures weren’t in place for a company that was a victim of the attack, things probably aren’t looking very good. 

We can’t stress enough that it is critical to have a solid backup solution in place that is regularly tested and reviewed. It’s also a good idea to have your network hardened and evaluated at least once a year to help it withstand ransomware attacks and other threats. Even if you need a second opinion, we’re happy to help.

You should therefore always take preventative measures to mitigate the risk of ransomware as much as possible. We can help your business keep itself safe from threats of all kinds. To learn more, reach out to us at 603-889-0800.

