Sunday, June 26, 2022

Beware of emails with alleged Kaseya-themed security updates

Cyber crooks never miss a chance to take advantage of a topical event to launch new phishing campaigns in the hopes of tricking victims into clicking on malicious links. The latest example is an email campaign this week that tries to exploit ransomware worries in the wake of the attack on Kaseya.

The message, spotted by Malwarebytes, has the subject line “Our Shipping Renewal 2021,” a standard phishing header that the attacker hopes will get serious attention.

However, the message — from someone who appears to be a supplier — says, “Guys please install the update fro= microsoft to protect against ransomware as soon as possible. This is fi=ing a vulnerability in Kaseya.” The attached link seems at first glance to come from Kaseya. There’s also an attachment called “SecurityUpdates.”

Actually, says Malwarebytes, the link drops the Cobalt Strike software favoured by cyberattackers for its ability to deploy an agent or beacon on a victim machine. Beacon is an in-memory (and therefore fileless) application whose capabilities include keylogging, file transfer, SOCKS proxying, privilege escalation, the mimikatz credentials capturing tool, port scanning and lateral movement — in other words almost everything a hacker needs to exploit initial access.

There are clues this particular message is a phishing attack. For one thing, the email address of the sender is a jumble of words. Second, the name of the email sender is different from the name in the body of the message. And third, there are those odd = signs in the message instead of letters.
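The three clues above can be turned into a triage check over a raw message. This is an added example, not code from the article or from Malwarebytes; the sender name, sign-off, addresses and the thresholds used for each heuristic are assumptions.

```python
import re
from email import message_from_string
from email.policy import default
from email.utils import parseaddr

# Constructed sample: the subject and body text are quoted in the article;
# the sender name, sign-off and addresses are invented placeholders.
SAMPLE = """\
From: "Dana Smith" <invoice.window.paper.lamp@supplier.example>
To: staff@recipient.example
Subject: Our Shipping Renewal 2021
Content-Type: text/plain; charset="utf-8"

Guys please install the update fro= microsoft to protect against ransomware
as soon as possible. This is fi=ing a vulnerability in Kaseya.

Regards,
Alex Jones
"""

STRAY_EQ = re.compile(r"[A-Za-z]=[A-Za-z ]")  # '=' where a letter belongs
NAME_LINE = re.compile(r"[A-Z][a-z]+( [A-Z][a-z]+){0,2}")  # sign-off that looks like a name

def phishing_clues(raw: str) -> list[str]:
    """Return the article's three clues that are present in a raw message."""
    msg = message_from_string(raw, policy=default)
    display, addr = parseaddr(str(msg["From"]))
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part else ""
    clues = []

    # Clue 1 (assumed heuristic): local part is 3+ word tokens, none from the sender's name.
    tokens = {t.lower() for t in re.split(r"[^A-Za-z]+", addr.split("@")[0]) if t}
    if len(tokens) >= 3 and not tokens & set(display.lower().split()):
        clues.append("jumbled-sender-address")

    # Clue 2: the name signing the body differs from the From display name.
    lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
    if display and lines and NAME_LINE.fullmatch(lines[-1]):
        if lines[-1].lower() != display.lower():
            clues.append("sender-name-mismatch")

    # Clue 3: '=' signs sitting inside or at the end of words.
    if STRAY_EQ.search(body):
        clues.append("stray-equals-signs")
    return clues

if __name__ == "__main__":
    print(phishing_clues(SAMPLE))
```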

Still, an anxious and not well-trained employee might click on the link or download the attachment.

As of Tuesday night, Kaseya still hadn’t distributed a patch for on-premise versions of its VSA remote monitoring suite.

The release of that patch is dependent on the company first remediating the software-as-a-service version of the application, and that was behind schedule. It had hoped to be finished by 7 p.m. Eastern on Tuesday. But at 10 p.m. it issued a statement saying a glitch had delayed things. Kaseya said the next update on its progress would be issued on Wednesday morning at 8 a.m.

UPDATE: On Wednesday morning Kaseya said the issue stalling the re-deployment of VSA online still hadn’t been fixed despite staff working through the night. The next report on the status is scheduled for noon Eastern time.
