Kaseya VSA Supply Chain Ransomware Attack

In a significant reminder of the SolarWinds attack, attackers have once again targeted a trusted software vendor, this time Kaseya, to compromise hundreds of businesses and deploy ransomware. The attack is known to have affected over 1500 businesses using the on-premises version of Kaseya's software.

The attackers targeted a zero-day vulnerability in Kaseya VSA, a patch and vulnerability management product. The product requires administrator rights on the end systems it manages, which made it an easy target for attackers looking to push ransomware to thousands of systems.

Compromising Kaseya VSA to deploy ransomware is one of the many methods attackers have used to launch thousands of attacks. While EDR and EPP products protect against many such activities, the sheer number of attacks demonstrates that businesses need in-network, or stage 2, detection controls that alert on attempted unauthorized access, credential misuse, and attacker lateral movement.

The Attivo Networks Endpoint Detection Net (EDN) DataCloak function protects customers from this specific ransomware attack and other ransomware attacks that use privilege escalation and lateral movement. The DataCloak function uses concealment technology to hide and deny access to local files, folders, removable storage, and mapped network or cloud shares. The function prevents unauthorized users or processes from enumerating or accessing these protected objects. By denying attackers the ability to see or exploit critical data, organizations can disrupt their discovery and limit the damage from ransomware attacks such as the Kaseya compromise.

Organizations should look into adopting an “assumed breach” posture for their cybersecurity strategy and deploying security controls to detect when threat actors evade existing defenses to get inside the network.

Read the full blog by Joseph Salazar, Technical Marketing Engineer at Attivo Networks, here. More information on Attivo’s anti-ransomware solutions can be found here.


Please contact your local Exclusive Networks Account Manager to learn more about Attivo Networks and how it can protect customers from ransomware attacks that use privilege escalation and lateral movement.