IT for service providers biz Kaseya defers decision about SaaS restoration following supply chain attack
IT management software provider Kaseya has deferred an announcement about restoration of its SaaS services, after falling victim to a supply chain attack that has seen its products become a delivery mechanism for the REvil ransomware. The company’s most recent update on the incident, dated July 4, 2021 5:45 PM EDT, initially …
COMMENTS
-
Monday 5th July 2021 09:50 GMT MiguelC
Re: Surely they are finished as a company?
Maybe not even that, did SolarWinds change their name?
-
Monday 5th July 2021 10:39 GMT Pascal Monett
Re: Surely they are finished as a company?
Is TSB finished?
They'll recover. The Public is abysmally incapable of drawing the proper conclusions and all those companies would need to change their infrastructure and software stack, and that costs money, whereas risk can be insured.
Can we have a vomit icon?
-
Monday 5th July 2021 14:01 GMT Anonymous Coward
Re: The Public is abysmally incapable of drawing the proper conclusions
While I share the sentiment, in general, what EXACTLY are the (mythical) Public supposed to do, other than draw the proper conclusions? Storm the HQ? Overthrow the governments (all of them, to make sure) so that they send the army (all of them, to make sure) to storm the HQ? Put pressure on their governments "to do something!"? I'm pretty sure, if you ask any government farm-person, they will fart that "our government is absolutely committed towards ensuring that, etc, etc." And if you overthrow the current government and set up the new one (better, oh yeah!), the new fart-person will fart exactly the same tune.
-
Monday 5th July 2021 09:48 GMT Anonymous Coward
"It’s been posted to cloud storage locker Box"
It's on a file sharing thingie. It's a zip file. There's a .pdf and Powershell scripts in the zip file.
At which point do I wait for a phone call from Microsoft?
EDIT: I've taken a look at the ps scripts. This nonsense:
$SuspiciousFile = Get-ChildItem -Path $Path -Recurse -ErrorAction SilentlyContinue | Where-Object { $_.Name -eq [System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String("YWdlbnQuY3J0")) }
means I'm looking for a file called agent.crt! The next stanza looks for agent.exe.
-
Monday 5th July 2021 17:01 GMT cyberdemon
This nonsense [YWdlbnQuY3J0] means I'm looking for a file called agent.crt!
WTF?
They obfuscated this in a powershell script with a base64 string.. why?
So that they could pull the wool over the eyes of the Dutch Institute for Vulnerability Disclosure and appear that “They showed a genuine commitment to do the right thing,” by providing a magical detection tool?
Or because they are so cynical that they expect their recently-pwned customers to double click on an obfuscated powershell script and run it, rather than just telling them to look for a file called agent.crt?
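What the two comments above describe, as an added example that is not part of the original posts and is not Kaseya's script: the first function decodes every Base64 literal in a script's text so it can be read before it is run, and the second does the name search with agent.crt and agent.exe written in plain text. The function names, the sample text and the temporary directory are assumptions constructed for illustration.

```powershell
# Added example. Get-Base64Literal and Find-NamedFile are hypothetical names.

function Get-Base64Literal {
    # List each FromBase64String("...") literal found in a script's text next to
    # its decoded value. The script text is only read as a string, never executed.
    param([Parameter(Mandatory)][string]$ScriptText)

    $pattern = 'FromBase64String\(\s*["'']([A-Za-z0-9+/=]+)["'']\s*\)'
    foreach ($m in [regex]::Matches($ScriptText, $pattern)) {
        $encoded = $m.Groups[1].Value
        try {
            $bytes   = [System.Convert]::FromBase64String($encoded)
            $decoded = [System.Text.Encoding]::ASCII.GetString($bytes)
        } catch {
            $decoded = '<not valid base64>'
        }
        [pscustomobject]@{ Encoded = $encoded; Decoded = $decoded }
    }
}

function Find-NamedFile {
    # Same name match as the quoted line (-contains, like -eq, ignores case),
    # limited to files, with the names the comment mentions in plain text.
    param(
        [Parameter(Mandatory)][string]$Path,
        [string[]]$Name = @('agent.crt', 'agent.exe')
    )
    Get-ChildItem -Path $Path -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $Name -contains $_.Name } |
        Select-Object FullName, Length, LastWriteTimeUtc
}

# Constructed sample: the line quoted in the comment, held as literal text
# (single-quoted here-string, so no variable is expanded).
$sample = @'
$SuspiciousFile = Get-ChildItem -Path $Path -Recurse -ErrorAction SilentlyContinue | Where-Object { $_.Name -eq [System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String("YWdlbnQuY3J0")) }
'@
Get-Base64Literal -ScriptText $sample | Format-Table -AutoSize | Out-String

# Constructed test directory holding one placeholder file to find.
$dir = Join-Path ([System.IO.Path]::GetTempPath()) 'b64-demo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
Set-Content -Path (Join-Path $dir 'agent.crt') -Value 'placeholder'
Find-NamedFile -Path $dir | Format-List | Out-String
```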
-
Monday 5th July 2021 10:43 GMT Pascal Monett
"Only a very small percentage of our customers"
Ah, the gold standard of excuses.
Fuck that. You were asleep at the wheel, or too incompetent to provide actual security to your customers.
I don't care if only one customer got infected by your fault, it is one too many.
Solarwinds123 has already happened. You have no excuse.
-
Monday 5th July 2021 12:32 GMT Anonymous Coward
Not entirely unexpected?
That it's taken until 2021 for the bad guys to work out that attacking MSPs - and, specifically, MSP systems and providers like Kaseya - is a route to compromising a lot of people very quickly is, frankly, a bloody miracle. It was bound to happen sooner or later, and I'm very surprised it wasn't sooner - a lot sooner.
A/C (ex-MSP).
-
Monday 5th July 2021 13:15 GMT FuzzyTheBear
Laughing
Next boyo that tells me their equipment is secure or that their services are secure will make me fall on the floor in a heap laughing my bu&& off unable to lick a stamp to save my life.
If Russia don't do a thing to prevent this .. just cut the cables at the borders and jam their satellites solid.
Wars can be fought both ways Vlad.
Mine's the one without an ethernet port.
-
Tuesday 6th July 2021 02:47 GMT Anonymous Coward
Re: Laughing
"America and the West’s dependency on undersea internet cables could be a strategic vulnerability. It is the consequence of both geography and the rise of the international digital economy. Russia, by comparison, doesn’t rely on the cables as much, and it has a substantial fleet of spy submarines designed to operate on them." [Forbes, How Russian Spy Submarines Can Interfere With Undersea Internet Cables]
Escalation by punitive cable cutting is not wise. The problem is that the "West" has a lot more to lose than Russia, NK, Iran, etc., who all have underperforming economies.
In contrast China has a lot to lose because they have a highly performing economy. And they are the only ones who pose a real threat to the "West", not from cyber espionage, but through outperforming the "West" economically.
Russia is about as low as it can get, and any substantial wealth generated inside Russia seems to end up in London or NY. Most of the ransom money will eventually end up in London or NY.
The way to stop the ransomware is to make it illegal to pay ransom, with prison time for doing so. Insurance rates will skyrocket, and there will be a lot of work in security. Eventually equilibrium will be reached, with the total # of ransomware incidents much fewer than at present.
-
Tuesday 6th July 2021 06:35 GMT DesktopGuy
Glad I dumped Kaseya!
Glad I dumped Kaseya!
I resold the Dark Web scanner to my clients and it was mainly fear marketing - bombarding clients with weekly updates of which large PC orgs got hacked with a severity scale. Getting out of the contract was a nightmare.
They kept billing me "by accident" after I cancelled my contract and took months to refund the funds.
Really, really not nice to deal with - especially in Australia.
I wonder if they will use this hack in their Dark Web monitoring marketing…???