Threat actors are trying to capitalize on the ongoing Kaseya ransomware attack crisis by targeting potential victims in a spam campaign pushing Cobalt Strike payloads disguised as Kaseya VSA security updates. Meanwhile, Kaseya has not yet restored its cloud service, hitting setbacks that have pushed back the restart. The company has also pledged financial assistance to the MSPs affected by the attack. The Dutch Institute for Vulnerability Disclosure posted on its blog this week that it had confidentially informed Kaseya of seven vulnerabilities in April. Indications now are that the attacks led to ransomware on VSA systems in less than two hours.
Also of note – the ransomware demand has come down to $50 million, leading to some speculation that the REvil gang may have been a lot more successful than they planned for – the sprawl of the incident is too big.
In all the noise about Kaseya, it would have been possible to miss the story of an attack on Synnex. They too were attacked, and one of the victims was the Republican National Committee. The Russian foreign intelligence service is suspected to be behind it.
Babuk ransomware is back, despite announcing their exit. They have a new version of their malware and a new leak site.
On that theme, The Next Web highlights 5 gangs to know: DarkSide, REvil, Clop, Syrian Electronic Army, and FIN7.
Axios tried to rank ransomware attacks by size, wondering whether the Kaseya one was the largest in history. Turns out it’s hard to measure an attack, because the information changes over time. Variables include the number of victims, the estimated cost in lost data and time, and the amount paid.
And Western Digital is not having a good run – a third vulnerability in more of their devices.
The Biden administration had Anne Neuberger, deputy national security adviser for cyber and emerging technology, deliver a message to the US Conference of Mayors this week. The focus – the administration’s efforts to fight ransomware. The message – be more proactive and meet with state-level officials to test cybersecurity posture.
In that context, 1 in 4 employees say they still have access to accounts from past jobs. And nearly half of professionals share passwords, while a third say they write them down on paper.
Why do we care?
I’m working on a larger set of thoughts for IT services providers for an editorial, but let’s highlight something here. The administration is not wrong in terms of highlighting overall minimal damage, despite the wide-ranging hit on small businesses. In the context of a national security breach – SolarWinds – or a run on fuel – Colonial Pipeline – the Kaseya incident is much more dispersed. Because it’s spread across so many small companies, the impact is not felt in a single punch.
The difference for me to highlight is that smaller companies can’t write a check to make the pain go away the way a larger company or government can. As I highlight measuring financial incentives to determine action, remember that. The big can write checks the small can’t.