Breaking News

Kasia says all cloud customers back online

Kasia says all cloud customers back online

Kasia has successfully deployed security patches to the cloud and on-premises versions of its VSA remote IT monitoring platform to fight the ransomware attack, with no reports of serious issues.

As of 8 a.m. Eastern Time on Monday, the company said restoration of services is in progress, with all of its software-as-a-service customers live and the servers expected to come online for the rest of its customers in the coming hours. . In the meantime, support teams are working with VSA on-premises customers who have requested assistance with the patch.

As promised around 4pm, Kasia started deploying Fix Eastern yesterday.

On-premises users are asked to follow the instructions in Kaseya's "On-premises VSA Startup Readiness Guide" and its strict and best practice guide before installing the VSA 9.5.7a release. Members of the cloud service were asked to follow the instructions in the VSA SaaS Startup Guide and to read the SaaS Security Best Practices Guide.

SaaS users will need an update to change their login password.

In addition, to harden authentication, passwords for all VSA users must be at least 16 characters long to reduce brute force attacks. Other rules affect password change requirements. All complexity rules will be enforced by the system.

It will no longer be possible to disable the signing and approval agent process. All agent process changes must now be approved by a master administrator.

Updates fix three recent vulnerabilities:

Credential leak and business logic flaw: CVE-2021-30116
Cross-Site Scripting Vulnerability: CVE-2021-30119
2FA Bypass: CVE-2021-30120
They also fix four recent vulnerabilities that on-premises users should have patched before July 2:

Remote Code Execution Vulnerability: CVE-2021-30118
SQL Injection Vulnerability: CVE-2021-30117
Local File Inclusion Vulnerability: CVE-2021-30121
XML External Entity Vulnerability: CVE-2021-30201
Now it's time to analyze how the Reville Group, or one of its affiliated criminal groups, learned about and leveraged its brand from the vulnerabilities and attack it used to take the company offline on July 2. And what a loss on the bottom line. Kasia has promised "direct financial assistance for people with disabilities" from the attack.

As a leading IT infrastructure management provider, Kasia will be an attractive target for cyber attackers looking to go after third-party suppliers. Kasia believes that about 60 of its direct customers, a large-scale managed service provider, and 1,500 of their customers were affected by the ransomware. For some reason, none of them, apparently, had their data stolen. This has led to speculation that the attack was planned by a colleague who decided to stick strictly to ransomware for this attack.

The Dutch Institute for Vulnerability Disclosure (DIVD) warned Kasia about the vulnerabilities in April and was working on a patch with the company just before the crisis. Kasia released fixes for many of them before July 2. (See this story and podcast for a more detailed history.)

But according to Bloomberg News, Kasia has been slow to respond to issues in the past. Employees told the news service that broader cybersecurity concerns were flagged multiple times to company leaders between 2017 and 2020. But, he alleged, those issues were often not fully addressed.

"The most obvious problems were software based on outdated code, the use of weak encryption and passwords in Kasia's products and servers, failure to adhere to basic cybersecurity practices such as regularly patching software, and increased sales attention at the expense of other priorities. . . ,” Bloomberg says, as reported by employees.

In an email, Forrester Research analyst Eli Mellon said the steps Kasia took to help and help its customers recover from the attack include a runbook and recommendations on hardening their servers. , which are positive. “Such support must be provided by any third party affected by the ransomware attack. It is also good news that they have released this on-prem patch. However, this does not mean that every affected business is back up and running, as installing the patch is also a lengthy process and some organizations are still affected by ransomware. The most important thing here is to know why this happened and what steps Kasia is taking to prevent it from happening in the future. Complete transparency over their product protection efforts is critical if they want to maintain or rebuild trust with their current customers and prospects.

No comments