ChannelLife Australia logo
Industry insider news for Australia's technology resellers
Story image

Kaseya ransomware attack: MSPs warned to shut down VSA servers

By Nick Forrester
Mon 5 Jul 2021
FYI, this story is more than a year old

IT infrastructure and software firm Kaseya confirmed it had been hit by a ransomware attack over the weekend.

The attack targeted VSA, the company’s remote monitoring & management solution, used by MSPs and IT teams. 

On Friday, Kaseya CEO Fred Voccola confirmed that the company’s incident response team had caught wind of the breach. As a result, the company shut down its SaaS servers and notified its on-premises customers to shut down their VSA servers to prevent them from being compromised. 

Kaseya then directed its incident response to determine the attack’s root cause, and also informed the FBI and CISA, the US federal cybersecurity agency.

Vocolla says, “While our early indicators suggested that only a very small number of on-premises customers were affected, we took a conservative approach in shutting down the SaaS servers to ensure we protected our more than 36,000 customers to the best of our ability. 

“We have received positive feedback from our customers on our rapid and proactive response.”

Secureworks chief threat intelligence officer Barry Hensley says he has not yet seen a ‘significant impact’ across his company’s customer base.

“Less than ten organisations appear to have been affected, and the impact appears to have been restricted to systems running the Kaseya software,” says Hensley. 

“We have not seen evidence of the threat actors attempting to move laterally or propagate the ransomware through compromised networks. That means that organisations with wide Kaseya VSA deployments are likely to be significantly more affected than those that only run it on one or two servers.

“Based on what we know right now, we believe that this was an orchestrated attack against a subset of Kaseya VSA clients, largely managed IT service providers (MSPs),” Hensley continues. 

“The evidence we have does not indicate that Kaseya’s software update infrastructure has been compromised. That does mean that, while we have seen limited impact across our customer base, there may be larger clusters of victims elsewhere based on use of common MSPs.”

Yesterday Kaseya engaged the services of computer incident response firm FireEye to identify specific indicators of compromise (IoCs) in order to determine which systems and data were accessed. Kaseya then began remediating the code and working with select customers to field test the changes’ once we have completed the work and tested it thoroughly in our environment’. 

“At this time, we believe that none of our NOC customers (neither SaaS nor on-premises) were affected by the attack,” Kaseya said in an update on its website yesterday.

The company also rolled out a Compromise Detection Tool, designed to help customers identify their system’s status. This was rolled out to around 900 customers who requested the tool.

In an update posted on July 5, Kaseya confirmed that it would bring its SaaS data centers back online on a one-by-one basis — starting with its  EU, UK and APAC data centers and followed by its North American data centers.

NCSC, New Zealand’s cybersecurity agency, today posted an update on its website confirming it is aware of the attack and that it may present ‘significant risk’ to organisations in New Zealand. 

The agency says that preliminary details about the activity suggest that VSA admin accounts are disabled shortly before ransomware is deployed.

The NCSC’s update said: “The NCSC strongly recommends that organisations determine if Kaseya VSA is utilised in your environment, either by your own internal IT team or by a service provider who has access to your network.”

Related stories
Top stories
Story image
eCommerce
Online shoppers leaving cart because of high shipping costs - report
New research commissioned by HUBBED reveals 90% of online shoppers abandoned a cart due to high shipping costs, and 64% say the lack of security was a purchase deterrent.
Story image
Physical Security
PMT Security awarded sole Australian distribution rights to SmokeCloak
PMT Security will soon become the sole distributor of SmokeCloak in Australia, with the company being awarded the exclusive rights to represent the SmokeCloak brand.
Story image
Artificial Intelligence
Exclusive: NZ-based DEFEND offers global cyber protection
DEFEND supports customers in 66 countries across the globe with a relentless focus on ensuring that every dollar spent on security provides a meaningful return on investment and reduces cyber risk.
Story image
Transcribe
VIQ Solutions starts contract with Queensland Courts DJAG
VIQ Solutions has started providing transcription and recording services to Queensland Courts Department of Justice and Attorney General.
Story image
Microsoft
Spectralink DECT devices now integrated with Microsoft Teams SIP Gateway
Spectralink DECT devices are now integrated with Microsoft Teams SIP Gateway to help create better results for business-critical frontline workers.
Story image
Tablets & laptops
Chromebook and tablet shipments see another rapid decline for the year
According to research from Canalys PC Analysis, Chromebook and tablet shipments have fallen for the fourth quarter in a row for Q2 of 2022.
Story image
i-PRO
VisualCortex and i-PRO partner for enhanced APAC deployments
VisualCortex and i-PRO have partnered to facilitate enterprise-wide Computer Vision technology deployments in APAC.
Story image
Artificial Intelligence
Runecast's award-winning platform future-proofs businesses
Runecast provides both security and operations teams with what a few industry experts have called a 'must-have' solution.
Story image
ACCC
Telstra to address 5G competition concerns by ACCC
The Australian Competition and Consumer Commission has accepted a court-enforceable undertaking from Telstra to address competition concerns with Optus.
Story image
Tech job moves
Tech job moves - Cohesity, Equinix, IDC, Proofpoint & Xero
We round up all job appointments from July 29 - August 5, 2022, in one place to keep you updated with the latest from across the tech industries.
Story image
Document Management
TrustRadius gives M-Files two document management awards
TrustRadius has recognised M-Files with both a 2022 Best Feature Set and a 2022 Best Relationship award in document management.
Story image
CRM
Forrester names Pega a Leader in CRM Solutions 2022 report
Forrester Research has named Pega a Leader among 11 competitors in The Forrester Wave: Core CRM Solutions, Q3 2022 report.
Story image
Phishing
Top universities lagging on basic cybersecurity - report
Universities in Australia, the US and the UK are lagging on basic cybersecurity measures, creating higher risks of email-based impersonation attacks.
Wiise
Discover why cloud ERP is central to a growing business' tech stack. Sign up now for free.
Link image
Story image
Compliance
Why security needs to shape your journey to the cloud
It's estimated that 80% of workloads could be in the cloud in the next few years. How can you make all that data secure?
Story image
Wireless
Hands-on review: James Donkey RS4 Knight Wireless Gaming Keyboard
I have always liked mechanical keyboards, and this is no exception. I find the action much easier to use than the modern keyboards with limited travel.
Story image
Data Protection
Cloud privacy, data protection more complex than on-prem
In the past 12 months, over a third of Australian businesses (36%) experienced a cloud-based data breach or failed audit. 
Story image
Cheetah Digital
Privacy, data ethics and the ‘seismic shift’ in consumer trust
Aussie consumers have low levels of trust for advertising, but will pay more to purchase from a trusted brand, a new report from Cheetah Digital reveals.
Story image
Enterprise
Fortinet reports second quarter 2022 financial results
“We delivered strong revenue and billings growth in the second quarter driven by an increase in the number of transactions larger than one million dollars."
Story image
Home Entertainment
Hands-on review: TCL 65″ C835 Mini LED 4K Google TV
We introduce you today to a TV that brings the height of immersion to your viewing experience: The TCL 65″ C835 Mini LED 4K Google TV.
Story image
Inde
Exclusive: Inde provides innovative solutions across the tech sector
Inde likes to call its approach the 'power of the collective', which essentially means that if a client approaches the company with a problem, they'll get the team's collective insight to help drive the best outcome.
Story image
Hybrid Cloud
The essential guide to digital transformation by SolarWinds
Digital transformation is a buzzword thrown around all the time by companies, but what does it actually mean and why is it important? SolarWinds breaks it down.
Story image
Tablets & laptops
Hands-on review: Xencelabs Graphic Display Tablet
Xencelabs seemed to show up out of nowhere on the market. I had no idea who they were or what they were about, but I was very intrigued.
Story image
Identity and Access Management
Pitney Bowes launches rebranded digital visitor management offering in A/NZ
Pitney Bowes has launched Smart Access Management (SAM), its rebranded digital visitor and contractor management offering in Australia and New Zealand.
Story image
Firewall
Fortinet unveils compact firewall for hyperscale data centres, 5G networks
"Fortinet’s dedication to pushing the boundaries of what is possible in security performance has yielded the most powerful compact firewall yet."
Story image
Wireless
Wave Audio spices up portfolio with first ever party speaker
Australian-based pioneers Wave Audio are enhancing their extensive range of groundbreaking new audio products by adding one of the most versatile speakers on the market to their growing portfolio.
Story image
Neat
Workplace design a crucial factor for better employee experience - report
The key to a successful workplace could be its design, according to research from Ecosystm and Neat.
Story image
Cybersecurity
Optic Security Group on Australia recruitment drive
Trans-Tasman security integrator looks to meet the twin challenges of high client project demand tight & labour market supply with new opportunities.
Story image
10 Minute IT Jams
Video: 10 Minute IT Jams - An update from Heidrick & Struggles
Graham Kittle joins us today to discuss how the company is helping organisations bring about change within their business.
Story image
Sustainability
Green hydrogen company Hysata raises AUD $42.5 million
Global investors are supporting Hysata's hydrogen electrolyser technology as the organisation closes its oversubscribed Series A funding round of AUD $42.5 million. 
Story image
Sustainability
Phronesis Security achieves B-Corp certified status
Phronesis Security has become the first cyber security company in Australia to achieve the coveted B Corp certification, having been certified since June 2022. 
Story image
Data Protection
Video: 10 Minute IT Jams - An update from SearchInform
Alexey Pinchuk joins us today to discuss the role the company plays in helping organisations manage risk and provide better security outcomes.
Story image
SAP
Microsoft unveils two new security products to help reduce attack surfaces
The products are set to give companies deeper insights into threat actor activity and help them successfully navigate the changing threat landscape.
Story image
SaaS
Claroty launches new cloud-based industrial cybersecurity platform
The company says Claroty xDome is the industry's first solution to deliver the ease and scalability of SaaS without compromising on visibility, protection, and monitoring controls.
Story image
Malware
Nozomi Networks Labs identifies impacts on 2022 threat landscape
Nozomi Networks’ latest research finds that wiper malware, IoT botnet activity, and the Russia/Ukraine war have had the biggest impact on the threat landscape in 2022 so far.
Story image
Biometrics
AU biometric security company achieves B Corp cert
Australian biometric security firm Daltrey has announced it has become the first cybersecurity vendor in AU to achieve the B Corp certification.
Story image
Data
Consumers will stop doing business over data practices
“Data privacy remains a concern for consumers when it comes to sharing their information with an online retailer with an unclear view of privacy laws."
Story image
BAI Communications Australia
BAI Communications to help improve mobile coverage across regional NSW
Deputy Premier and Minister for Regional NSW Paul Toole said regional communities deserve reliable and affordable mobile services.
Story image
Cybersecurity
More than a fifth of cybersecurity teams ban the use of public WiFi
Verizon’s fifth annual Mobile Security Index report has revealed a continued rise in significant cyberattacks in the last year involving a mobile/IoT device.
Story image
Wireless
Wave Audio delivers ultimate immersion with new wireless earbuds
Wave Audio, one of Australia's best new audio brands, has recently released a set of landmark noise-cancelling true wireless earbuds, the Immersive Pro.
Story image
Mergers and Acquisitions
Netskope acquires Infiot, delivers integrated SASE platform
Converged SASE platform provides AI-driven zero trust security and simplified, optimised connectivity to any network location or device, including IoT.
Story image
Digital Transformation
Macquarie Telecom rolls out SD-WAN services for mycar Tyre & Auto
Macquarie Telecom says it has rolled out NBN and SD-WAN services to more than 270 mycar Tyre & Auto stores across Australia.