Security News

Worried about supply chain attacks? Tom Merritt can help you understand your risk. Whether its Stuxnet, SolarWinds or Microsoft Exchange, chances are you've read about supply chain attacks.

Worried about supply chain attacks? Tom Merritt has answers for you.

Web infrastructure and website security company Cloudflare last month fixed a critical vulnerability in its CDNJS library that's used by 12.7% of all websites on the internet. CDNJS is a free and open-source content delivery network that serves about 4,041 JavaScript and CSS libraries, making it the second most popular CDN for JavaScript after Google Hosted Libraries.

U.S. technology firm Kaseya, which is firefighting the largest ever supply-chain ransomware strike on its VSA on-premises product, ruled out the possibility that its codebase was unauthorizedly tampered with to distribute malware. While initial reports raised speculations that REvil, the ransomware gang behind the attack, might have gained access to Kaseya's backend infrastructure and abused it to deploy a malicious update to VSA servers running on client premises, in a modus operandi similar to that of the devastating SolarWinds hack, it has since emerged that a never-before-seen security vulnerability in the software was leveraged to push ransomware to Kaseya's customers.

A ransomware attack against a single company's software product is having a ripple effect across more than 1,000 organizations. The supply chain nature of Kaseya's business means that far more companies have now been caught in the aftermath of the attack.

Since the SolarWinds' supply chain attack, there has been an increased focus on how organizations of all sizes ensure the security of their suppliers. In the first quarter of 2021, 137 organizations reported experiencing supply chain attacks at 27 different third-party vendors, while the number of supply chain attacks rose 42% from the previous quarter.

Kaseya has said it's been unable to find signs its code was maliciously modified, and offered its users a ray of hope with news that it is testing a patch for its on-prem software and is considering restoring its SaaS services on Tuesday, US Eastern Daylight Time. The beleaguered IT for service providers company is fighting a supply chain attack on its VSA product that it has documented with a rolling advisory that was updated at 09:30PM on July 5th EDT. The update has good news and bad news.

IT management software provider Kaseya has deferred an announcement about restoration of its SaaS services, after falling victim to a supply chain attack that has seen its products become a delivery mechanism for the REvil ransomware. The update is needed because last Friday Kaseya advised users of its on-premises software to shut it down ASAP after a detecting a supply chain attack on its VSA product - a tool that combines endpoint management and network monitoring.

The threat actors behind the REvil ransomware gang appear to have pushed ransomware via an update for Kaseya's IT management software, hitting around 40 customers worldwide, in what's an instance of a widespread supply-chain ransomware attack. Following the incident, the IT and security management services company said it took immediate steps to shut down our SaaS servers as a precautionary measure, in addition to notifying its on-premises customers to shut down their VSA servers to prevent them from being compromised.

Supply chain cyberattack could have wide blast radius through compromised MSPs. Software maker Kaseya Limited is urging users of its VSA endpoint management and network monitoring tool to immediately shut down VSA servers to prevent them from being compromised in a widespread ransomware attack. While the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency had not yet issued an official alert as of early Saturday, the agency said late Friday that it was "Taking action to understand and address the recent supply-chain ransomware attack against Kaseya VSA and the multiple managed service providers that employ VSA software."