We use cookies to improve your experience and optimize user-friendliness. Read our privacy policy for more information on the cookies we use and how to delete or block them. To continue browsing our site, please click accept.
Winning Back-Office Strategies to Boost Your Business Agility
VIEWpoint Issue 1 | 2023
2023 Compliance Trends: Staying Ahead in an Evolving Regulatory E...
By John Hock, CPA, CISA, CITP, SOC – Manager, IT Advisory and Security Group
Over the holiday weekend, Kaseya, a Miami-based IT management software firm, was the victim of a REvil ransomware attack – compromising close to 1,500 known businesses across in at least 17 countries.
Specifically, Kaseya’s VSA software was the target of the attack. The software is leveraged by many large managed security service providers (MSSPs) that help small to midsize businesses monitor and control their computer networks.
REvil, the same Russian-language group behind the attack on meat processor JBS over the Memorial Day weekend, appeared to have identified a vulnerability within the Kaseya’s coding to be in a position to demand $70 million to unlock the businesses affected by the hack.
Due to the nature of the software and its users, its impact is expected to be widespread, which won’t likely be known for some time. However, at this point it is believed those businesses using the software as a service (SaaS) solution have not been impacted by the attack based on updates posted to the company’s website.
Kaseya is working on releasing a patch as quickly as possible to get customers back up and running safely. In the meantime, if you or your MSSP are leveraging Kaseya VSA, it has been recommended to take those servers offline immediately and await further instruction from Kaseya.
Use the Compromise Detection Tool to aid in the determination if you are directly affected by this attack.
In addition, you should begin the early stages of your Incident Response Plan and continue to monitor Kaseya’s incident updates and apply patches when they are available.
Recently, this type of supply-chain attack has been more and more frequent. If you have not assessed your cybersecurity posture, you should. Doeren Mayhew’s IT and cybersecurity advisors have helped numerous organizations get a clear picture of where they stand from a cybersecurity perspective and identified ways to improve their cybersecurity posture. Contact us today to learn more.
This publication is distributed for informational purposes only, with the understanding that Doeren Mayhew is not rendering legal, accounting, or other professional opinions on specific facts for matters, and, accordingly, assumes no liability whatsoever in connection with its use. Should the reader have any questions regarding any of the news articles, it is recommended that a Doeren Mayhew representative be contacted.
A quick registration is required to view our resources.
You will only be asked to do this one time (unless you don't save your browser cookies).