Security News > 2021 > July > Kaseya Releases Patches for Flaws Exploited in Widespread Ransomware Attack

Florida-based software vendor Kaseya on Sunday rolled out software updates to address critical security vulnerabilities in its Virtual System Administrator software that was used as a jumping off point to target as many as 1,500 businesses across the globe as part of a widespread supply-chain ransomware attack.

The latest development comes days after Kaseya warned that spammers are capitalizing on the ongoing ransomware crisis to send out fake email notifications that appear to be Kaseya updates, only to infect customers with Cobalt Strike payloads to gain backdoor access to the systems and deliver next-stage malware.

The use of trusted partners like software makers or service providers like Kaseya to identify and compromise new downstream victims, often called a supply-chain attack, and pair it with file-encrypting ransomware infections has also made it one of the largest and most significant such attacks to date.

The Kaseya attack marks the third time that ransomware affiliates have abused Kaseya products as a vector to deploy ransomware.

In February 2019, the Gandcrab ransomware cartel - which later evolved into Sodinokibi and REvil - leveraged a vulnerability in a Kaseya plugin for the ConnectWise Manage software to deploy ransomware on the networks of MSPs' customer networks.

Then in June 2019, the same group went after Webroot SecureAnywhere and Kaseya VSA products to infect endpoints with Sodinokibi ransomware.

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/en3pGVzKbvE/kaseya-releases-patches-for-flaws.html