Sunday, June 26, 2022

Kaseya says all cloud customers back online


Kaseya has successfully deployed security patches to the cloud and on-premises versions of its VSA remote IT monitoring platform to fight a ransomware attack, with no reports of serious issues.

As of 8 a.m. Eastern time Monday morning the company said the restoration of services is progressing, with all of its software-as-a-service customers live and servers expected to come online for the rest of its customers in the coming hours. Meanwhile support teams are working with VSA on-prem customers who have requested assistance with the patch.

Kaseya began deploying the fixes as promised around 4 p.m. Eastern yesterday.

On-prem users are asked to follow the instructions in Kaseya’s “On-Premises VSA Startup Readiness Guide” and its hardening and best practice guide before installing the VSA 9.5.7a Release. Subscribers to the cloud service were asked to follow instructions in a VSA SaaS startup guide and read a SaaS security best practices guide.

SaaS users will be forced by the update to change their login passwords.

In addition, to toughen authentication, passwords of all VSA users will have to be at least 16 characters long to blunt brute force attacks. Other rules affect password change requirements. All complexity rules will be enforced by the system.

It will no longer be possible to disable Agent Procedure signing and approval. All agent procedure changes must now be approved by a Master administrator.

The updates fix three recent vulnerabilities:

They also fix four recent vulnerabilities that on-prem users should have patched before July 2nd:

Now comes time for analysis of exactly how the REvil group, or one of its affiliate criminal groups, learned of and exploited the vulnerabilities used to knock the company offline on July 2nd, and what damage the attack will do to its brand and bottom line. Kaseya has promised “direct financial assistance for those who have been crippled” by the attack.

As a vital IT infrastructure management provider, Kaseya would be a tempting target for cyber attackers increasingly interested in going after third-party suppliers. Kaseya believes some 60 of its direct customers, largely managed service providers, and 1,500 customers of theirs, were hit by ransomware. For some reason, none of them, apparently, had their data stolen. That has led to speculation the attack was orchestrated by an affiliate that decided to stick strictly to ransomware for this attack.

The Dutch Institute for Vulnerability Disclosure (DIVD) had warned Kaseya of vulnerabilities in April and was working with the company on patches just before the crisis. Kaseya had released fixes for several of them before July 2nd. (For a more detailed history see this story and podcast.)

But according to Bloomberg News, Kaseya has been slow in the past to react to issues. Employees told the news service that several times between 2017 and 2020 wide-ranging cybersecurity concerns had been flagged to company leaders. But, they alleged, those issues often weren’t fully addressed.

“Among the most glaring problems was software underpinned by outdated code, the use of weak encryption and passwords in Kaseya’s products and servers, a failure to adhere to basic cybersecurity practices such as regularly patching software and a focus on sales at the expense of other priorities,” Bloomberg says the employees told it.

In an email, Forrester Research analyst Allie Mellen said steps Kaseya took to recover and to help their customers recover from this attack, including providing a runbook and recommendations on hardening their servers, among others, are a positive. “That kind of support should be provided by any 3rd party hit with a ransomware attack. It is also great news they have issued this on-prem patch. However, this does not mean every affected business is back up and running, as even the installation of the patch is a lengthy process and some organizations are still affected by the ransomware. What’s most important here is to get visibility into why this happened and what steps Kaseya is taking to prevent it from happening in the future. Total transparency on their product security efforts is crucial if they want to maintain or rebuild trust with their current customers and prospects.”
