Kaseya, an IT services provider, was hit by REvil ransomware last week, and the impact of the attack has been amplifying rapidly ever since.
Kaseya has just revealed that about 50 of its direct customers were impacted by this attack, but around 1,500 additional organizations were indirectly impacted through its affected clients. The company is now readying a patch to close the vulnerability.
Kaseya Attack Hits 1,500 Companies
Kaseya, an IT solutions provider whose products include VSA, is now at the center of one of the largest software supply chain attacks in history.
Kaseya’s VSA is a unified remote monitoring and management tool for handling networks and endpoints and is being used by a number of companies around the world.
On July 2nd, Kaseya acknowledged a compromise of its VSA tool that was impacting customers using it. While the exact number wasn’t given at the time, the company has now revealed that “only approximately 50 of the more than 35,000 Kaseya customers” were breached.
Kaseya also said that around 1,500 downstream companies, managed by its direct customers, were impacted. Unofficially, several security researchers say this number could run into the thousands.
Kaseya’s VSA tool performs deployment of software and automation of IT tasks as two of its functions, making it a hot target for attackers.
A zero-day vulnerability (CVE-2021-30116), found and privately disclosed to Kaseya by the Dutch Institute for Vulnerability Disclosure (DIVD), was exploited by one of the affiliates of the REvil group to deploy ransomware and encrypt systems.
The vulnerability allowed attackers to bypass authentication and achieve remote code execution, similar to the Accellion FTP case and the SolarWinds case earlier this year.
Kaseya has already prepared a fix for this vulnerability, which will be pushed to SaaS environments once testing and validation checks are complete. Until then, all of its customers are advised to shut down their VSA endpoints, as warned by Kaseya, the White House, the FBI, and CISA.
REvil, on the other hand, claims to have hit more than one million systems, and has just reduced its ransom demand from $70 million to $50 million for a universal decryptor.