Security News > 2021 > July > Firm Hacked to Spread Ransomware Had Previous Security Flaws
For 21 years, the software company Kaseya labored in relative obscurity - at least until cybercriminals exploited it in early July for a massive ransomware attack that snarled businesses around the world and escalated U.S.-Russia diplomatic tensions.
A 2019 ransomware attack also rode into computers through another company's add-on software component to the Kaseya VSA, causing more limited damage than the recent attack.
In 2014, Kaseya's own founders sued the company in a dispute over responsibility for a VSA security flaw that allowed hackers to launch a separate cryptocurrency scheme.
Nearly all of Kaseya's security problems have as their root cause well-understood coding vulnerabilities that should have been addressed earlier, said cybersecurity expert Katie Moussouris, the founder and CEO of Luta Security.
New vulnerabilities affecting Kaseya's VSA - including the one exploited by the REvil ransomware gang - were discovered this year by a Dutch cybersecurity research group that says it confidentially warned Kaseya in early April.
With Kaseya in the spotlight, a cybersecurity responder assisting clients stricken by the July 2 ransomware attack discovered what he called a glaring Kaseya security omission: a vulnerability in a public-facing customer portal that had been identified in 2015 but left unpatched.