Hundreds of Businesses from Sweden to the USA Affected by Cyber Attack

Hundreds of businesses around the world, including one of Sweden’s largest grocery chains, grappled with potential cybersecurity vulnerabilities after Kaseya, a software provider that serves more than 40,000 organizations, on Saturday said it was the victim of a “sophisticated cyberattack”.

Security researchers said the attack may have been carried out by REvil, a Russian cybercriminal group that the FBI says was behind the hacking of the world’s biggest meat processor, JBS, in May.

According to Sebastian Elfors, a cybersecurity researcher at security firm Yubico, Swedish grocery retailer Coop had to close at least 800 of its stores on Saturday. Signage outside the Coop stores turned customers away: “We’ve been hit by a major IT disturbance and our systems are down.”

Mr Elfors said a Swedish railroad and a major pharmacy chain were also affected by the Kaseya attack. “Totally devastating,” he said.

Asked about the cyberattack after he landed in Michigan on Saturday for a trip to celebrate Covid-19’s withdrawal from the United States, President Biden said he was delayed because he was informed of the attack. He said he had directed “all the resources of the federal government” to the investigation. “The initial thought was that it was not the Russian government, but we are not sure yet,” he said.

Victims of the breach were affected through a Kaseya software update, said threat researcher Kevin Beaumont. Instead of getting Kaseya’s latest update, they got REvil’s ransomware. Kaseya was initially breached through a previously unknown vulnerability in its system, known as a “zero day” because when such vulnerabilities are discovered, software manufacturers have zero days to fix them. Meanwhile, cybercriminals and spies can exploit the vulnerability to wreak havoc.

Mr Beaumont said the attack marked a serious escalation in the tactics of ransomware gangs. In previous attacks, REvil was known to break in through a combination of phishing, stolen passwords or a lack of multi-factor authentication.

Dutch researchers reported the vulnerability to Kaseya, but according to people briefed on the timeline, the company was still working on a patch when it was breached and its software updates were compromised.

The attack was made public on Friday when Kaseya said it was investigating the possibility of being the victim of a cyberattack. The company urged its customers using its system management platform, called VSA, to shut down their servers immediately to avoid the possibility of them being hijacked by attackers.

“We are experiencing a potential attack against VSA, which is limited to only a small number of on-premises customers,” Kaseya said in a statement published on its website, referring to organizations that keep their software on their own sites rather than hosting it with a cloud provider. “We are in the process of investigating the root cause of the incident with great care.”

Fewer than 40 customers were affected by the attack, but these customers include so-called managed service providers, each of which can provide security and technology tools to dozens or even hundreds of companies, Kaseya’s CEO, Fred Voccola, said on Saturday.

This magnifies the severity of the attack, said John Hammond, a researcher at cybersecurity company Huntress Labs.

“What makes this attack stand out is the trickle effect from the managed service provider to the small business,” said Mr Hammond. “Kaseya handles large businesses globally to small businesses, so it has the potential to eventually expand into businesses of all sizes.”

Mr Hammond said some of the affected companies had been asked for a $5 million ransom. “Thousands of companies are at risk,” he said.

The United States Cybersecurity and Infrastructure Security Agency described the incident on its website as a “supply chain ransomware attack” on Friday. It urged Kaseya’s clients to shut down their servers and said it was investigating.

Hackers have carried out a number of significant cyberattacks against US companies in recent months, including JBS and Colonial Pipeline, which moves fuel along the East Coast. Both were ransomware attacks in which hackers tried to shut down systems until a ransom was paid. The video game company Electronic Arts was also recently hacked, but its data was not held for ransom.

Nicole Perlroth and David E. Sanger contributed reporting.
