Close Menu
TechCentralTechCentral

    Subscribe to the newsletter

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    Facebook X (Twitter) YouTube LinkedIn
    WhatsApp Facebook X (Twitter) LinkedIn YouTube
    TechCentralTechCentral
    • News

      MultiChoice is working on a wholesale overhaul of DStv

      10 July 2025

      Spam call epidemic: operators say their hands are tied

      10 July 2025

      Britehouse unit breaks free from NTT Data

      10 July 2025

      Samsung’s bet on folding phones faces major test

      10 July 2025

      OpenAI to launch web browser in direct challenge to Google Chrome

      10 July 2025
    • World

      Grok 4 arrives with bold claims and fresh controversy

      10 July 2025

      Bitcoin pushes higher into record territory

      10 July 2025

      Cupertino vs Brussels: Apple challenges Big Tech crackdown

      7 July 2025

      Grammarly acquires e-mail start-up Superhuman

      1 July 2025

      Apple considers ditching its own AI in Siri overhaul

      1 July 2025
    • In-depth

      Siemens is battling Big Tech for AI supremacy in factories

      24 June 2025

      The algorithm will sing now: why musicians should be worried about AI

      20 June 2025

      Meta bets $72-billion on AI – and investors love it

      17 June 2025

      MultiChoice may unbundle SuperSport from DStv

      12 June 2025

      Grok promised bias-free chat. Then came the edits

      2 June 2025
    • TCS

      TCS | Connecting Saffas – Renier Lombard on The Lekker Network

      7 July 2025

      TechCentral Nexus S0E4: Takealot’s big Post Office jobs plan

      4 July 2025

      TCS | Tech, townships and tenacity: Spar’s plan to win with Spar2U

      3 July 2025

      TCS+ | First Distribution on the latest and greatest cloud technologies

      27 June 2025

      TCS+ | First Distribution on data governance in hybrid cloud environments

      27 June 2025
    • Opinion

      In defence of equity alternatives for BEE

      30 June 2025

      E-commerce in ICT distribution: enabler or disruptor?

      30 June 2025

      South Africa pioneered drone laws a decade ago – now it must catch up

      17 June 2025

      AI and the future of ICT distribution

      16 June 2025

      Singapore soared – why can’t we? Lessons South Africa refuses to learn

      13 June 2025
    • Company Hubs
      • Africa Data Centres
      • AfriGIS
      • Altron Digital Business
      • Altron Document Solutions
      • Altron Group
      • Arctic Wolf
      • AvertITD
      • Braintree
      • CallMiner
      • CambriLearn
      • CYBER1 Solutions
      • Digicloud Africa
      • Digimune
      • Domains.co.za
      • ESET
      • Euphoria Telecom
      • Incredible Business
      • iONLINE
      • Iris Network Systems
      • LSD Open
      • NEC XON
      • Network Platforms
      • Next DLP
      • Ovations
      • Paracon
      • Paratus
      • Q-KON
      • SevenC
      • SkyWire
      • Solid8 Technologies
      • Telit Cinterion
      • Tenable
      • Vertiv
      • Videri Digital
      • Wipro
      • Workday
    • Sections
      • AI and machine learning
      • Banking
      • Broadcasting and Media
      • Cloud services
      • Contact centres and CX
      • Cryptocurrencies
      • Education and skills
      • Electronics and hardware
      • Energy and sustainability
      • Enterprise software
      • Fintech
      • Information security
      • Internet and connectivity
      • Internet of Things
      • Investment
      • IT services
      • Lifestyle
      • Motoring
      • Public sector
      • Retail and e-commerce
      • Science
      • SMEs and start-ups
      • Social media
      • Talent and leadership
      • Telecoms
    • Events
    • Advertise
    TechCentralTechCentral
    Home » Information security » Mass ransomware attack used flaw in IT management software

    Mass ransomware attack used flaw in IT management software

    By Agency Staff5 July 2021
    Twitter LinkedIn Facebook WhatsApp Email Telegram Copy Link
    News Alerts
    WhatsApp

    The hackers behind a mass ransomware attack exploited a previously unknown vulnerability in IT management software made by Kaseya, the latest sign of the skill and aggressiveness of the Russia-linked group believed to be responsible for the incidents, cybersecurity researchers said on Sunday.

    Marcus Murray, founder of Stockholm-based TrueSec, said his firm’s investigations involving multiple victims in Sweden found that the hackers targeted them opportunistically. In those cases, the hackers used a previously unknown flaw in Miami-based Kaseya’s code to push ransomware to servers that used the software and were connected to the Internet, he said.

    Now read: Hackers demand R1-billion after mass extortion attack

    The Dutch Institute for Vulnerability Disclosure said it had alerted Kaseya to a vulnerability in its software that was then used in the attacks, and that it was working with the company on fixes when the ransomware was deployed.

    We were beaten by REvil in the final sprint, as they could exploit the vulnerabilities before customers could even patch

    Kaseya “showed a genuine commitment to do the right thing”, the Dutch organisation wrote. “Unfortunately, we were beaten by REvil in the final sprint, as they could exploit the vulnerabilities before customers could even patch,” it added, referring to the Russia-based hacking group.

    REvil was accused of being behind the 30 May ransomware attack of meatpacking giant JBS.

    ‘Sophisticated’

    The findings differentiate the latest incident — which cybersecurity firm Huntress Labs said affected more than a thousand businesses — from other recent assaults on the software supply chain. For instance, an attack the US blamed on Russia’s foreign intelligence service, disclosed in December, involved altered software updates from another provider of IT management software, Austin, Texas-based SolarWinds. Ultimately, nine federal agencies and at least 100 companies were infiltrated via SolarWinds and other methods.

    A representative for Kaseya didn’t immediately respond to a request for comment on the latest findings. The company has previously said its VSA product was the victim of a “sophisticated cyberattack” and that it had notified the FBI. Kaseya said it has identified fewer than 40 customers impacted by the attack. The company added that its cloud-based services weren’t impacted.

    The US Cybersecurity and Infrastructure Security Agency also said it was continuing to respond to the recent attack, which it said leveraged a “vulnerability in Kaseya VSA software against multiple managed service providers (MSPs) and their customers”.

    Kaseya’s customers include companies that provide remote IT support and cybersecurity services for small and medium-sized businesses.

    In the latest attack, the hackers had to target machines individually. That’s not complicated. Hackers and security researchers have access to many of the same basic tools for scanning the Internet looking for computers that are vulnerable to attack. But by infecting IT support organisations, the malicious software was passed to their customers as well, multiplying the impact.

    One of the known victims — Swedish grocery chain Coop — said on Saturday that most of its more than 800 stores couldn’t open because the attack led to a shutdown of their payment terminals. Others include managed service providers, which provide IT services to other businesses, meaning their infections may have spread to their customers.

    From a criminal standpoint it’s a brilliant supply-chain target to take away the tool that’s needed to recover from the threat

    Murray, of Sweden’s TrueSec, declined to identify any of his firm’s clients. He said because of Kaseya’s central role in managing security and IT that victims could have longer recovery times than in typical ransomware incidents.

    “The tool these organisations are using normally for patching and IT support and recovery is Kaseya,” he said. “It’s a big undertaking when someone takes away all your ability to do the maintenance.”

    ‘Out of the equation’

    “From a criminal standpoint it’s a brilliant supply-chain target to take away the tool that’s needed to recover from the threat,” Murray added. “They’re not only encrypting the systems but they’re also taking the recovery tool out of the equation.”

    Ross McKerchar, vice president and chief information security officer at the cybersecurity firm Sophos, said the hack was “one of the farthest reaching criminal ransomware attacks Sophos has ever seen”.

    “At this time, our evidence shows that more than 70 managed service providers were impacted, resulting in more than 350 further impacted organisations,” he said, in a statement. “We expect the full scope of victim organisations to be higher than what’s being reported by any individual security company.”

    There are victims in 17 countries so far, including the UK, South Africa, Canada, Argentina, Mexico and Spain, according to Aryeh Goretsky, a researcher at cybersecurity firm ESET.

    US President Joe Biden said Saturday that he had ordered ordered a “deep dive” from the intelligence community about the incident, which came just weeks after Biden implored Russian President Vladimir Putin at a summit on 16 June to curb cyberattacks against the US. Biden said “we’re not sure” that Russia is behind the attack. The president said he expects to know more about the attacks on Sunday.

    “The initial thinking was, it was not the Russia government, but we’re not sure yet,” he said.  — Reported by Jordan Robertson and William Turton, (c) 2021 Bloomberg LP

    Now read: Hackers demand R1-billion after mass extortion attack



    ESET Joe Biden Kaseya REvil Sophos top TrueSec
    Subscribe to TechCentral Subscribe to TechCentral
    Share. Facebook Twitter LinkedIn WhatsApp Telegram Email Copy Link
    Previous ArticlePro-Trump social media app hacked on launch day
    Next Article China to block Tencent videogaming merger: sources

    Related Posts

    Hackers tighten grip as ransomware epidemic hits South Africa hard

    1 July 2025

    Managed detection and response: a critical imperative for South African SMEs

    9 June 2025

    Washington plans tougher chip curbs on China

    25 February 2025
    Company News

    AI in project management: a new era of efficiency and transformation

    10 July 2025

    Samsung unfolds the future with thinnest, lightest Galaxy Z Fold yet

    9 July 2025

    Huawei supercharges South African SMEs with over 20 new eKit products

    9 July 2025
    Opinion

    In defence of equity alternatives for BEE

    30 June 2025

    E-commerce in ICT distribution: enabler or disruptor?

    30 June 2025

    South Africa pioneered drone laws a decade ago – now it must catch up

    17 June 2025

    Subscribe to Updates

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    © 2009 - 2025 NewsCentral Media

    Type above and press Enter to search. Press Esc to cancel.