IT management biz Kaseya's VSA abused to infect businesses with ransomware

In what's looking like a nasty supply-chain attack, IT management biz Kaseya's on-prem VSA product was abused to infect its customers and/or their customers with ransomware. At least 200 businesses were hit total, according to infosec biz Huntress. Kaseya meanwhile initially estimated 40 of its own customers worldwide were …

  1. b0llchit Silver badge
    Facepalm

    ...police seize 3D printers...

    Well, they should also seize pen and paper because they are used for writing bad and violent notes by the bad guys. And all those paper planes blinding us when they are colliding with our eyes. It would be good to lock these dangerous materials away from general use.

    Next we will all need a weapon license to buy a 3D printer and an extra fee is put on the raw materials. You are only allowed to buy raw materials with the license and the raw materials will be DNA marked with the license ID for tracking purposes. The collected money is for the copyright infractions every owner of a 3D printer surely is making all the time. The license ensures that we will kill each other in a registered and trackable way. This setup will work magic because only criminals will ignore the rules and will therefore be caught.

    I'm wondering when someone invents 3D printing explosives for human consumption.

    1. Fruit and Nutcase Silver badge
      Alert

      And all those paper planes blinding us when they are colliding with our eyes.

      No doubt legislators will make it mandatory to get a licence to build and operate paper planes, and have documented risk assessments prior to each flight

    2. Phil O'Sophical Silver badge

      They didn't seize 3D printers in general, just those that were being used to print guns. No doubt they also seized the paper and pens found in that office, for the same forensic analysis.

  2. Pascal Monett Silver badge
    Facepalm

    "promising [..] a trade-in service for My Cloud accounts"

    Oh sure. Now that you have demonstrated that you cannot keep my on-premise item secure, you want me to trust you with stuff on The Cloud.

    Well of course ! Where do I sign ? </sarc>

  3. aregross

    Next...

    "...we will all need a weapon license to buy a 3D printer and an extra fee is put on the raw materials. You are only allowed to buy raw materials with the license and the raw materials will be DNA marked with the license ID for tracking purposes. The collected money is for the copyright infractions every owner of a 3D printer surely is making all the time. The license ensures that we will kill each other in a registered and trackable way. This setup will work magic because only criminals will ignore the rules and will therefore be caught."

    I like this idea

  4. Terry 6 Silver badge

    It appears that attackers got onto Kaseya's servers

    They advertise their services as including protection for their customers from intrusion etc.

    So maybe there's a very big question to answer here with regard to their ability to perform their contracts. One that needs a public investigation and presumably court action. After all, since they not only failed to prevent intrusion on their customers'/clients of customers - but they failed to secure their own systems - which has to be the first level of security.

    1. Yes Me Silver badge
      Alert

      Re: It appears that attackers got onto Kaseya's servers

      "Kaseya told all of its nearly 40,000 customers to disconnect their Kaseya software immediately... Huntress Labs said it had tracked 20 IT companies, known as managed-service providers, that had been hit. More than 1,000 of those companies’ clients, mostly small businesses, also had been affected by the hack" [Washington Post]

      Another outstanding success for outsourcing your crown jewels to some software company with good advertising.

      1. VicMortimer
        Flame

        Re: It appears that attackers got onto Kaseya's servers

        This is a perfect example of why any company big enough to be able to afford to hire in-house IT staff should NEVER outsource their IT. It's also a perfect example of why any company too small to afford full-time IT staff should only hire other small local IT support companies and NEVER one of these large outsourcing outfits.

        All you're doing is expanding your risk.

        1. GDM
          FAIL

          Re: It appears that attackers got onto Kaseya's servers

          How do you think small IT support companies manage their clients? They use things like Kaseya (or Labtech, Autotask, etc.) otherwise they'd be wasting time and money doing everything manually. Everybody automates as much as possible if they want to stay in business.

          (Yes, I have implemented both Kaseya and Labtech for a small IT support company)

    2. Anonymous South African Coward Silver badge

      Re: It appears that attackers got onto Kaseya's servers

      Almost the same attack vector that took out Maersk.

      Seems like outsourcing carries a high risk, which is not mentioned at all...

      1. hoola Silver badge

        Re: It appears that attackers got onto Kaseya's servers

        It is not just outsourcing, it is the ever-growing use of cloud services to provide some form of funky solution that protects both your on-prem and cloud services.

        Where your services are located is pretty much irrelevant when buying these sort of solutions. This is going to keep happening, again and again until such time as something so big kicks off that Governments actually do something.

        Look at how much is delivered as a "modern cloud" service with claims that anything that is only managed on-prem (or even in your own cloud subscription) is legacy. Management continue to buy the services because snake-oil salespeople use the fear of being left with "legacy" systems as the stick. The fact that the "legacy" systems are just as good as the "modern, cloud delivered" solution is ignored.

        Many of these solutions have agents that are deep in the OS, any OS as they are providing security or monitoring. It is a perfect attack vector, compromise the Command and Control and that is it. Simply millions of assets ripe for picking.

        I don't care what these organisations claim, nothing is 100% secure, the more that is hanging off a webservice in the Internet, the higher the risk.

    3. MJI Silver badge

      Re: It appears that attackers got onto Kaseya's servers

      Our hardware support using Kaseya remote access software, end point I think.

      I have not got around to putting it on my latest PC yet.

    4. Anonymous Coward

      Re: It appears that attackers got onto Kaseya's servers

      Kaseya has always been a lush target for malware slingers. As is any other centralised network management platform.

      Kaseya stands out though because it fucking sucks. I haven't a clue what it's like these days but going back 10+ years it was an absolute ballache to manage. The IT shop I worked at had a member of staff dedicated to managing it.

  5. a_yank_lurker Silver badge

    Ghost Guns

    While it is possible for a competent machine shop who has the right tools to make a reliable gun I have my doubts about a 3D printer making a reliable gun. My understanding of gun manufacturing is there are very specific alloys and heat treatment used on critical parts. If the wrong alloys or heat treatment is done the gun can literally explode in the firer's face. For the 3D printer gun makers this is closer to a nomination for the Darwin Award than anything I particularly fear.

    1. sanmigueelbeer Silver badge

      Re: Ghost Guns

      While it is possible for a competent machine shop who has the right tools to make a reliable gun I have my doubts about a 3D printer making a reliable gun

      Back in the 70s, 80s and early 90s, there was a town in the Philippines called Danao very popular among Yakuza.

      The product Danao "exports" to the Yakuza were very cheap handguns. These handguns were very "reliable" in the first three rounds. After that succeeding rounds would cause the barrels to heat up and warp. Granted, metallurgy in the Philippines, back then, was no match to commercial- or even military-grade weapons factory.

      Once the "deed" was done the users would discard the weapon in public and because the barrels were so badly damaged, it was very difficult to "trace" which weapon the bullet came from.

      3D-printed weapons do not need to be "endurance"-reliable. 3D-printed weapons would need to WORK in the first two or three rounds. Period.

      1. Little Mouse Silver badge

        Re: Ghost Guns

        That might explain all those missing fingers...

      2. The commentard formerly known as Mister_C Bronze badge

        Re: Ghost Guns

        The Danao firearms have the same design ethos as the American "Liberator FP45" and "Deer Hunter" pistols. Those weapons were designed for the user to acquire a proper weapon. Very much a "use it and the survivor gets to keep the good gun" approach for desperate times.

        Links:

        https://www.thingiverse.com/thing:3060548

        https://www.thingiverse.com/thing:3081128

        Thanks to "Mussy" @ Thingiverse for the models and write up. NOTE - These 3D models are stage prop / replica models. Firing the originals would be risky for the user - firing a copy would almost certainly be a life-changing event.

        1. arachnoid2 Bronze badge

          Re: Ghost Guns

          The Deer gun by the same designer looks more adaptable to plastic printers

          https://www.thingiverse.com/thing:3081128

          This person's gotta be on the watch list

          https://www.thingiverse.com/thing:3546303

      3. Flywheel Silver badge

        Re: Ghost Guns

        These handguns were very "reliable" in the first three rounds

        If you're assassinating someone, you shouldn't theoretically need more than 2 shots, especially at short range. I'm taking "Day of the Jackal" as an example.

    2. Phil O'Sophical Silver badge

      Re: Ghost Guns

      They can 3D print reliable rocket engines, guns shouldn't be that much of a challenge.

      1. John Miles

        Re: Ghost Guns

        I doubt they print reliable rocket parts using an Ender, or maybe they do as one was seen in NASA

        On a consumer grade FDM/FFF (Fused Deposition Modelling/Fused Filament Fabrication - only prints plastics), like the Enders pictured in the AG Shapiro article, you aren't going to be able to print things like usable barrels, though you certainly can print some parts and moulds.

        If you go professional then your choices of materials go up, but so does the expense - from $200/400 for typical Ender to many thousands/10s of thousands

    3. CrackedNoggin Bronze badge

      Re: Ghost Guns

      For the 3D printer gun (XXXmakersXXX)-> users this is closer to a nomination for the Darwin Award than anything I particularly fear.

    4. Doctor Syntax Silver badge

      Re: Ghost Guns

      TFA says "components". From what I recall when this issue came round previously some components were strictly controlled by weapons legislation and some weren't and the printers were being used to make the controlled components.

      As to competent machine shops making weapons, back in the troubles it was reported a few technicians working in a shop in the basement of a QUB building had been discovered making sub-machine guns - Sterling replicas IIRC.

      There were also home-made mortars in use back then. I've seen a few which had been seized and some of those had failed with strips of barrel peeled back from the muzzle end rather like a banana skin. I don't know whether their operators had been standing close enough to collect their Darwin awards.

  6. Stratman

    “Once assembled, these fully functional firearms often become a tool for senseless violence,” said the state's Attorney General Josh Shapiro.

    As opposed to all the other guns there.

  7. elsergiovolador Silver badge

    What do they want?

    It's a quite peculiar position.

    The state does not want people to have the means to protect themselves and at the same time is unable to provide any protection.

    1. Dimmer

      Re: What do they want? "The state does not want"

      Gun control: "Guns kill people, I don't want to die so let's get rid of guns"

      Gun owners: "Stop trying to take away my protection, I don't want to die"

      Law enforcement: "I just need to make my ticket quota, please don't shoot me"

      Politicians: "Let's keep both sides divided and we will have a job for life"

      Media: "Let's highlight only the extremes on both sides and we can sell anything"

      Me: "400lb non-radioactive wild hogs can kill people too. They are covered in mud, so it requires a high caliber rifle to stop them and if you are not a good shot, you better have a high capacity magazine."

      I will not print or shoot a printed gun. Just too dangerous. If we can just stop the Politicians and Media from dividing us, we might be able to find a solution that will make us all safe.

      1. elsergiovolador Silver badge

        Re: What do they want? "The state does not want"

        The thing is you can't even have a pepper spray to protect yourself or get yourself some time until the law enforcement comes to rescue (if they bother).

        1. the Jim bloke Silver badge
          Unhappy

          Re: What do they want? "The state does not want"

          until the law enforcement comes to rescue

          .. for given values of "rescue"

          https://mappingpoliceviolence.org/

      2. the Jim bloke Silver badge
        Devil

        Re: What do they want? "The state does not want"

        If we can just stop the Politicians and Media from dividing us

        One of the major problems eroding capitalism based nations, is that good government does not make good headlines.

        Competent management does not generate scandal and exposure, so the media empires have a direct interest in not encouraging it. They actually promote a narrative where the media is protecting us from the evil government...

        But actually, the corruption and incompetence is fostered and supported by the media empires themselves, to ensure a fruitful harvest of juicy stories now and down the line.

        I am not saying politicians would be angels if they weren't in this environment, but the ones who might be decent are going to have a harder time progressing their career.

        Look at Murdoch and the Australian Liberals, he keeps them in power, and they provide an endless supply of fuckups and idiocy... Win/Win (everyone else... lose)

  8. Anonymous Coward

    It is vital for the police to stop criminals from getting their hands on poor quality 3D printed guns that don't work properly. We must make sure that the criminals only use reliable high-quality factory produced guns to commit their murders.

    1. arachnoid2 Bronze badge

      Health and Safety gone mad

      Can't have users getting injured from these devices, think of the litigation......

      Anyhow, they should install firmware to prevent firearm printing just like that installed on scanners that prevents the production of legal tender.

  9. Doctor Syntax Silver badge

    I'm curious to know what the liabilities are in these supply chain attacks. Does it fall on the vendors or does the small print include disclaimers? I suppose it's early days and there'll be a few years of litigation before it's all cleared up.

  10. Nosher

    "...Internet of Secure Things Alliance (ioXt)"

    It's surely a sign o' the times when an easily pronounceable acronym (ISTA, or at a pinch IoSTA) is thrown out in favour of some gibberish, simply because the latter has an "X" in it and as such is presumably "way cooler".

    1. the Jim bloke Silver badge
      Thumb Up

      Looks like they are keeping an old joke alive..

      as in IoT, Where the 'S' is for security..

      now, even though the full title contains 'Secure', 'ioXt' can still say the 's' is for security...

      It's actually a bit too self aware and self deprecating to be credible as a silicon valley thing, so it was probably a cool suggestion offered by some subversive tech head..


Biting the hand that feeds IT © 1998–2021