Kaseya hack Explained – How was Kaseya Hacked? Kaseya hack floods hundreds of co's with ransomware

Kaseya Ransomware Explained – How was Kaseya Hacked? | Kaseya hack floods hundreds of companies with ransomware
In this episode we are going to talk about the zero-day hack of the Florida-based Kaseya IT company's VSA software by the REvil ransomware gang. On July 2, 2021, Kaseya CEO Fred Voccola said the company shut down its SaaS servers as a precaution to protect more than 36,000 customers. The difference between the JBS hack and the Kaseya hack is that this time around, instead of locking up one company, REvil has focused its attack on the Kaseya VSA software used by large companies and technology-service providers to manage and distribute software updates to systems on computer networks. This is no longer a single-network attack but a multi-network attack. This latest attack appears to be its largest ever. The incident has allegedly compromised as many as 200 companies and may have infected over 40,000 computers worldwide, according to cybersecurity experts.
We want to make sure we are secure and prepared in case one of these attackers tries to infiltrate our systems, so today we are going to take a look at this ransomware attack and see how we can protect our systems and clients from it.
What is Kaseya VSA?
Kaseya VSA is a cloud-based MSP platform that allows vendors to perform patch management and client monitoring for their customers. The vendor describes VSA as remote access and endpoint management applications. The software, Kaseya VSA, is popular with so-called managed service providers (MSPs), which provide IT infrastructure to companies that prefer to outsource these things rather than run them themselves. Hacking the MSP via compromised software like Kaseya VSA means having access to its customers.
How was Kaseya hacked?
The hackers were able to distribute ransomware by exploiting several vulnerabilities in the VSA software, a Kaseya spokeswoman said. By targeting Kaseya's VSA, the hackers were able to open the door to infect more computers in what is known as a supply-chain attack.
The REvil ransomware gang found a zero-day vulnerability in the VSA software and used it to circumvent authentication controls, gain an authenticated session, upload a malicious payload, and execute commands via SQL injection, achieving code execution in the process. Once the VSA server is compromised, any attached client will perform whatever task the VSA server requests without question. This is likely one of the reasons why Kaseya was targeted. By some estimates, about 60 MSPs and 1,500 downstream businesses around the world have been paralyzed by the ransomware attack, according to the company's CEO Fred Voccola; most of them have been small concerns, like dental practices, architecture firms, plastic surgery centers, and libraries. Again, this attack can be classified as a 0-day attack on the Kaseya VSA software combined with a supply-chain attack on MSP clients.
What is a ransomware attack?
Ransomware attacks involve malware that encrypts files on a device or network, which results in the system becoming inoperable. Criminals behind these types of cyberattacks typically demand a ransom in exchange for the release of data.
How does a ransomware attack work?
Wikipedia:
Ransomware is a type of malware from cryptovirology that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system so that it is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion. It encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem – and difficult-to-trace digital currencies such as paysafecard or Bitcoin and other cryptocurrencies are used for the ransoms, making tracing and prosecuting the perpetrators difficult.
Ransomware attacks are typically carried out using a Trojan disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, one high-profile example, the WannaCry worm, traveled automatically between computers without user interaction.
How does ransomware infect?
Ransomware is often spread through phishing emails that contain malicious attachments or through drive-by downloading. Drive-by downloading occurs when a user unknowingly visits an infected website and then malware is downloaded and installed without the user's knowledge.