Connect with us

Hi, what are you looking for?

Hard News Hard Hitting News Source Global Political News

Cyber Security

Kaseya was fixing zero-day just as REvil ransomware sprung their attack

The zero-day vulnerability used to breach on-premise Kaseya VSA servers was in the process of being fixed, just as the REvil ransomware gang used it to perform a massive Friday attack.

The vulnerability had been previously disclosed to Kaseya by security researchers from the Dutch Institute for Vulnerability Disclosure (DIVD), and Kaseya was validating the patch before they rolled it out to customers.

However, in what can only be seen as a case of bad timing, the REvil ransomware gang beat Kaseya and used the same zero-day to conduct their Friday night attack against managed service providers worldwide and their customers.

“After this crisis, there will be the question of who is to blame. From our side, we would like to mention Kaseya has been very cooperative. Once Kaseya was aware of our reported vulnerabilities, we have been in constant contact and cooperation with them. When items in our report were unclear, they asked the right questions,” said DIVD Victor Gevers in a blog post today.

“Also, partial patches were shared with us to validate their effectiveness. During the entire process, Kaseya has shown that they were willing to put in the maximum effort and initiative into this case both to get this issue fixed and their customers patched.”

“They showed a genuine commitment to do the right thing. Unfortunately, we were beaten by REvil in the final sprint, as they could exploit the vulnerabilities before customers could even patch.”

Kaseya has confirmed with BleepingComputer that they are working closely with DIVD.

Little is known about the zero-day

The zero-day Kaseya vulnerability was discovered by DIVD researcher Wietse Boonstra and was assigned the CVE-2021-30116 identifier.

When questioned regarding how REvil learned of the vulnerability as it was being fixed, Gevers indicated in a tweet that the vulnerability was simple to exploit.

Gevers told BleepingComputer that the vulnerability disclosure was “within the industry-standard time for coordinated vulnerability disclosure,” and they would provide more information in a future advisory.

In our queries to Kaseya about the disclosure timeline, they told us that they were not providing any further information at this time.

Only 140 publicly accessible VSA servers

Since the onset of the attacks, DIVD researchers have been providing a list of publicly accessible VSA IP addresses and customer IDs to Kaseya to get the servers offline.

This effort has led to a dramatic decrease in publicly accessible servers, with only 140 accessible today.

“During the last 48 hours, the number of Kaseya VSA instances that are reachable from the internet has dropped from over 2.200 to less than 140 in our last scan today,” said Gevers in a Tweet.

Publicly accessible Kaseya VSA servers worldwide
Publicly accessible Kaseya VSA servers worldwide
Source: DIVD

In yesterday’s status report from Kaseya, these efforts appear to be working as there was only one further report of a compromised VSA on-premise server.

Furthermore, Gevers reports that they have successfully removed all public access to Kaseya VSA servers in the Netherlands.

Advertisement. Scroll to continue reading.

In a new update by Kaseya, it is recommended that all VSA on-premise servers remain offline until a patch is released.

Kaseya is also in the process of bringing their SaaS servers farms online and coming up with a plan for hosted VSA servers.

Source: https://www.bleepingcomputer.com/news/security/kaseya-was-fixing-zero-day-just-as-revil-ransomware-sprung-their-attack/

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

The cybercrime group evaded remediation efforts by installing persistent backdoors and deploying “new and novel malware.” A Chinese-linked hacking group that security researchers say...

Cyber Security

The administration and its private sector partners announced a slate of new initiatives on Monday aimed at protecting the nation’s school systems and their...

Cyber Security

The Colorado Department of Higher Education (CDHE) discloses a massive data breach impacting students, past students, and teachers after suffering a ransomware attack in...

Cyber Security

The plan includes measures for improving cybersecurity knowledge at all levels of education and improving how the federal government attracts, hires and pays cybersecurity...

Copyright © 2023 Hard News Herd Hitting in Your Face News Source | World News | Breaking News | US News | Political News Website by Top Search SEO