Unfixed flaws at the core of the REvil ransomware frenzy
On April 1, researchers from the Dutch Institute for Vulnerability Disclosure (DIVD) found the first of seven vulnerabilities, all easy to find and some potentially catastrophic, in Kaseya's Virtual System Administrator (VSA), an IT management product. By April 6, they had identified 2,200 vulnerable systems and disclosed their findings to Kaseya, the company behind VSA. Over the following days and weeks, Kaseya fixed four of the seven, but three remained. What happened next was one of the worst ransomware attacks in history.
On July 2, just days before the 90-day disclosure deadline DIVD had given Kaseya, the ransomware group REvil exploited one of the three remaining VSA vulnerabilities, together with an additional flaw, to spread its malware to as many as 1,500 companies and organizations around the world. Kaseya had not ignored the remaining bugs; it was still working with the Dutch researchers to fix them, just not fast enough to prevent the worst from happening.
“I really believe that they are doing their best,” said Victor Gevers, the head of DIVD. “They post job postings, hire new security experts, hire external security companies, conduct source code reviews, check their surroundings, and are truly committed to their security status. But all of a sudden.”
A Kaseya spokesperson declined to comment, citing the company's ongoing investigation of the incident. Since July 2, however, the company has repeatedly said that the remaining patches are being prepared for release. Yet nearly a week after the initial attack, those fixes have still not shipped.
This does not mean Kaseya failed to respond to the attack. As a precaution, the company quickly shut down its cloud offering and urged customers running on-premises VSA servers to do the same to limit the impact. The number of publicly accessible VSA servers dropped from about 1,500 on July 2 to fewer than 140 as of July 4 and 60 as of today.
But while fewer exposed systems will certainly keep the attack from spreading further, it does not help victims whose systems are still locked.
“For many years, Kaseya has had the opportunity to fully address the vulnerabilities, such as those that allowed REvil to wreak havoc on its customers,” said Katie Moussouris, founder of Luta Security and long-time vulnerability disclosure researcher.
Moussouris said that vulnerability disclosure programs and bug bounty programs, such as those Kaseya offers, are valuable tools for companies looking to strengthen their digital security. But if a company does not invest in internal security and staffing, those programs alone will not provide adequate defense.
Moussouris said: “We can’t fight against disclosed ransomware one at a time.”
Many companies are far less responsive and collaborative than Kaseya in patching vulnerabilities. But managed service providers that use Kaseya software are well-known and valuable targets for ransomware attacks; Kaseya itself tried to raise awareness of the issue in 2019. The longer Kaseya takes to patch, especially given how easy the vulnerabilities are to discover, the more likely it is that others will find them.
The consequences of Kaseya's mistakes continue. REvil claims to have encrypted more than one million systems in the attack, but the hackers appear to be having a hard time actually coaxing victims into paying. The group asked many targets for customized ransoms of tens of thousands of dollars, but also said it would undo the entire attack for 70 million US dollars. It then reduced that overall ransom demand to 50 million US dollars. The group's negotiation portal has also been disrupted.