What Happened in the Kaseya Breach?
Kaseya VSA is an RMM (Remote Monitoring and Management) product used by managed service providers worldwide.
Hackers were able to exploit a vulnerability and infect thousands of machines around the world with ransomware. The full effect of the breach, which began July 2, is not yet known, but it is estimated to have impacted 50-60 managed service providers (MSPs) and 800 to 1,500 small to medium-sized businesses.
When the attack was first discovered, Kaseya instructed companies with VSA installed to shut down their VSA servers immediately. Kaseya pulled its data centers offline and shut down its SaaS servers to minimize the impact. A fix for the vulnerabilities that led to this breach is expected to be released by the evening of Sunday, July 11th.
What Is Remote Monitoring and Management (RMM)?
Your managed service provider (MSP) needs access to all your computers, networks and other endpoints, wherever they may be and at pretty much any time. It is how the MSP responds to helpdesk tickets, proactively monitors your endpoints, applies updates and patches, and more. Sometimes called network management or network monitoring, RMM installs an “agent” on every endpoint that sends information about the endpoint’s health and status back to the MSP. The MSP can then monitor and make changes without ever needing to physically touch the endpoint. With remote and hybrid work on the rise, remote management is now a critical component of cybersecurity and IT management.
What About Potential Future RMM Breaches?
Because breaches often exploit previously unknown weaknesses, they can’t be prevented entirely. Furthermore, other hackers are exploiting the situation by targeting potential victims with a spam campaign pushing Cobalt Strike payloads disguised as a Kaseya VSA security update. The campaign uses malicious emails with attachments named “SecurityUpdates.exe” to make the payload look like a legitimate Microsoft patch. Be alert for suspicious emails with these sorts of claims and downloadable files.
As cyber criminals continue to attack, it is important to have a proactive cybersecurity plan. SWAT Systems’ multi-layer prevention includes threat detection, liability assessment, anti-virus strategies and employee education. On top of that, our engineers are constantly monitoring your network, watching its health, network availability, firewalls, antivirus software and applications.
If you are a current client, reach out with any questions or concerns through your account manager or any of your normal communication channels.
Not a SWAT client yet? Contact us or book a meeting to learn how SWAT Systems can manage your IT and cybersecurity to keep your business operating efficiently and safely.