[ad_1]
According to cybersecurity investigators, hackers launched a ransomware attack on Friday and affected at least 200 companies.
In what appears to be one of the largest supply chain attacks to date, hackers committed Kaseya, an IT management software provider, to spreading the ransomware to managed service providers using their technology, as well as to their customers in turn.
Cybersecurity group Huntress Labs attributed the attacks on REvil, the famous Russia-linked ransomware cartel that the FBI claimed was behind parallel attack on beef supplier JBS.
The attack is the latest example of hackers arming the IT supply chain to attack victims on a large scale, breaching only one vendor. Last year, it appeared that state-backed Russian hackers had hijacked the computer software group SolarWinds to penetrate the email networks of U.S. federal agencies and corporations, for example.
Friday afternoon, Kaseya dear that about 40 of its 36,000 direct customers had been affected by the attacks. He urged those who use the compromised tool “VSA server”, which provides remote monitoring features and patches turn it off immediately.
“We believe we have identified the source of the vulnerability and are preparing a patch to mitigate it for our local customers that will be thoroughly tested,” the company added.
Meanwhile, Huntress said three managed service providers she worked with had been compromised, causing nearly 200 companies to fall victim to ransomware attacks, where hackers encrypt data and only publish if paid. a rescue.
Huntress said she knew of at least eight committed cloud service providers, suggesting the number of ransomware victims could be much higher.
Allan Liska, of Recorded Future’s computer security incident response team, said that customers of managed service providers are usually small and medium-sized businesses looking for computer support. But the attacks highlight the risks of relying on centralized third parties, he said.
“Essentially we’ve given up too much confidence so that if something happens to them, it becomes a catastrophic event for your organization without any guilt,” he said.
In an alert, the Cybersecurity and Infrastructure Agency said it was “taking steps to understand and address the recent supply chain ransomware attack.”
The campaign is the latest in a series of daring ransomware attacks this year, including those in the U.S.’s Colonial Pipeline, that have prompted Biden administrations to commit to cracking down on the perpetrators.
At last month’s Geneva summit, President Joe Biden urged Russian President Vladimir Putin to curb ransomware hackers, many of whom are believed to operate with impunity in the country.
[ad_2]
Source link