REvil ransomware executes supply chain attack via malicious Kaseya update (therecord.media)
78 points by afrcnc on July 2, 2021 | 14 comments



MSPs are so often the security vulnerability themselves these days, rather than being a security benefit. This isn't the first time this has happened and won't be the last.

How many people are affected this time?

SolarWinds Orion exploit was the basis of the US government hack. Kaseya here is ransomware. Is ConnectWise next?


Maximally efficient is minimally robust.


This article is terrible, the reddit thread is far more useful.


Not sure if this is the thread you were referencing, but it is useful: https://old.reddit.com/r/msp/comments/ocggbv/crticial_ransom...


There were some other submissions about Kaseya, but this one is the first one that describes the problem for us outsiders.


Thanks for the link!


My article isn't meant to serve as an IR report. There are links in it for incident responders looking for IOCs, but they are not the intended audience.


I bought an Asus because of this hack[0]. Personally I believe in security through insecurity. It's not working out.

[0]: https://www.vice.com/en/article/pan9wn/hackers-hijacked-asus...


This issue is not related to Asus laptops.


I know, but supply-chain attacks are being noted as 'new' since SolarWinds.


Tinfoil Hat Disclaimer:

Large ransomware attacks hitting on-premises solutions make me suspect that perhaps there is a coordinated effort to help "push" people to the cloud.

The massive Microsoft Exchange exploit only affected on-premises or hybrid installations. New Kaseya... on-premises installations affected... not newer cloud offerings.

Update: After reading the actual article... I retract my conspiratorial ramblings...

"They brought their entire cloud offline. Short of screaming "We've been hacked!" it's pretty certain that they feel its origin is them."


On-premises solutions leave infrastructure security decisions to the customer. Unless you are a Fortune 500, extremely security conscious, or under regulatory requirements, there is a good chance your security program is not complete and has gaps. Centralized hosting and management (SaaS, PaaS model) has the advantage of security at scale. It also leaves all your eggs in one basket... On-prem is great IF you have your shit together AND you trust your appliance management better than the cloud provider.


> IF you have your shit together AND you trust your appliance management better than the cloud provider

99.9% of Enterprise/on-prem customers do not have their shit together.

Yes, even banks and finance. I have seen banks still running XP on frontline workstations that are supposed to be on the blue network but somehow can surf the web and answer emails.

If you’re looking around trying to figure out if you can do better than the cloud/SaaS provider security-wise… you definitely can’t.


What you forget here is these SaaS companies are just that - companies. Sure, you probably are not going to exceed Microsoft’s security controls internally but there are a LOT of SaaS companies with awful security. Cloud Risk Assessments are a joke half the time because the information available/what they will share is usually pretty limited.

I have also seen fuckery comparable to exposed XP. Most companies WOULD be better trusting the black box that is the cloud.

