As Kaseya restored its VSA software with customers officially coming back online today nearly 10 days after Kaseya was initially hacked some former employees say the massive ransomware attack could, and should have, been prevented.
Former Kaseya software engineering and developers said they had warned Kaseya leaders for years of dangerous security flaws in its products but those concerns were never fully addressed, according to a report by Bloomberg. Additionally, Bloomberg said some employees who flagged Kaseya’s security issues quit over frustration that newer features and products were prioritized over fixing the problems or were fired over inaction.
Some of the largest security problems within Kaseya included outdated code, weak encryption and passwords in products, as well as the general failure to meet basic cybersecurity requirements including continuous patching of its software and servers, according to Bloomberg who declined to identify the former employees due to non
Kaseya Ransomware Attack Could Have Been Prevented: Report
crn.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from crn.com Daily Mail and Mail on Sunday newspapers.
Researchers warned Kaseya April 6 about one of the vulnerabilities that REvil ended up exploiting nearly three months later in a crippling ransomware attack.
The Dutch Institute for Vulnerability Disclosure (DIVD) said that researcher Wietse Boonstrain in April discovered seven vulnerabilities in Kaseya’s VSA remote monitoring and management product and notified the New York- and Miami-based IT service management vendor about the flaws less than a week later. Eighty-seven days later, REvil took advantage of a flaw flagged by DIVDthat still wasn’t resolved.
“Last weekend, we found ourselves in the middle of a storm,” DIVDresearcher Frank Breedijk wrote Wednesday. “A storm created by the ransomware attacks executed via Kaseya VSA using a vulnerability which we confidentially disclosed to Kaseya. … Unfortunately, the worst-case scenario came true.”
By Juha Saarinen on Jul 9, 2021 10:16AM Source: Trustwave
Malware in attack excludes former Soviet bloc nations and Syria.
The Kaseya Virtual Systems Administration (VSA) remote management and monitoring system software that was hijacked in a devastating ransomware attack had multiple critical vulnerabilities, security researchers found.
Researchers at the Dutch Institute for Vulnerability Disclosure (DIVD) found seven vulnerabilites in Kaseya VSA on-premise, and reported them to the vendor ahead of last week s REvil attacks worldwide.
Kaseya was quick to respond and to develop patches for four of the vulnerabilites but two critical bugs remain to be addressed. As we stated before, Kaseya’s response to our disclosure has been on point and timely; unlike other vendors, we have previously disclosed vulnerabilities to, DIVD researcher Frank Breedijk wrote.
Get Permission
Kaseya CEO Fred Voccola has defended his company s actions but acknowledged those affected by a ransomwware attack are very, very frustrated. (Source: Kaseya)
Global software vendor Kaseya worked in earnest for three months to resolve flaws in its VSA monitoring and management software, but ultimately lost the race with ransomware attackers, Dutch researchers say.
On Wednesday, the researchers who had found flaws in VSA released a timeline and description of issues that give more context into the engineering challenges Kaseya faced.
The researchers, with the Dutch Institute of Vulnerability Disclosure (DIVD), found seven vulnerabilities, six of which affected the software-as-a-service and on-premises versions of VSA and one of which that only affected the on-premises version.
vimarsana © 2020. All Rights Reserved.