Kaseya provides remote management software used by thousands of IT support firms to manage millions of their end users computers. Kaseya was targeted in a supply chain attack to deliver ransomware to a claimed million of their customers computers.
Managed Service Providers who provide outsourced IT support for small and medium sized enterprises rely on Kaseya software to remotely monitor and manage their clients computers. This necessarily places the Kaseya software in the heart of their clients networks in a trusted position. On 2nd July 2021 Kaseya issued a statement reporting that the REvil ransomware gang targeted a zero day vulnerability (CVE-2021-30116) in the Kaseya VSA product allowing them to bypass authentication and run arbitrary commands.
Kaseya has published a security advisory which includes Indicators of Compromise and a compromise detection tool. Kaseya believes around 60 MSP were affected, leading to ‘fewer than 1500’ downstream businesses being affected – although the REvil gang claims this still amounts to a million devices being infected with their ransomware in this attack.
Concerned Security Managers should contact their MSP to discover if Kaseya software has been deployed into their network.
The NCSC has stated that they believe the impact on UK businesses will be limited (because of the limited market penetration by Kaseya in the UK) and points security managers to their guidance on how to establish control over their supply chains and mitigate the risk of ransomware.