Date: 2021-07-05
The FBI said Sunday the "scale" of a major ransomware attack against a U.S. IT company could mean investigators won't be able to work with every victim individually.
Hackers hit Kaseya, a firm that provides IT services to other companies, with a ransomware attack that could have targeted as many as 1,000 other businesses on Friday, just before the long July 4 holiday weekend in the United States.
The FBI said it had opened an investigation along with the Cybersecurity and Infrastructure Security Agency and other U.S. federal agencies "to understand the scope of the threat."
"If you believe your systems have been compromised, we encourage you to employ all recommended mitigations, follow Kaseya's guidance to shut down your VSA servers immediately and report to the FBI," the bureau said in a statement Sunday, referencing the signature networking software that was attacked.
"Although the scale of this incident may make it so that we are unable to respond to each victim individually, all information we receive will be useful in countering this threat," the FBI statement said.
President Joe Biden said Saturday that he had ordered an investigation, in particular to find out whether the assault had come from Russia.
"We're not sure yet," he said Saturday.
Russian-based hackers have been blamed for a string of ransomware attacks, and Biden recently raised the threat in talks with Russian counterpart Vladimir Putin.
Ransomware attacks typically involve locking away data in systems using encryption, making companies pay to regain access.
Kaseya describes itself as a leading provider of IT and security management services to small and medium-sized businesses. VSA is designed to let companies manage networks of computers and printers from a single point.
The company said in a new statement Sunday that they were working "around the clock in all geographies" to get their systems working again.
They said they hoped to get a restricted version of their platform running again within days.
The disruption forced Swedish supermarket chain Coop Sweden to close on Saturday because their cash register system had been taken down in the attack.
Multiple U.S. companies, including the computer group SolarWinds and the Colonial oil pipeline, have also recently been targeted by ransomware attacks.
© 2021 AFP
Kentarogaijin
Russians getting ready to help again Trumpyclown to win in 2024 ???..
Let's see..
bass4funk
Here we go again, and Biden is now going to do what about this latest attack?
M3M3M3
Who decided that a supermarket in Sweden needs to be connected to servers in Florida to sell me a loaf of bread? Much of the blame here belongs to our increasing reliance on global connectivity and the assumption that it will never be disrupted.
expat
As long as people continue to outsource their servers, back office, accounting, data storage, etc, they will be vulnerable. Ever thought about why law firms, brokerages, etc always have their own IT staffs?
Desert Tortoise
They are probably not connected to anything in Florida. Coop is a software customer of the Norwegian financial software firm Visma. Visma is off line due to the hack of Kaseya. Kaseya itself has branches in the US, Europe and Asia-Pacific region. At this point it appears 1000 out of Kaseya's 36000 customers are affected, including about 30 Managed Service Providers or MSPs such as Visma whose downstream customers like Coop are affected. Kaseya's security software detected the hack and shut down their cloud to protect their other customers.
Incidentally Visma along with the US companies Recorded Future and Rapid7 have been the objects of a long term cyber espionage campaign by a Chinese government sponsored group known as APT10, for Advanced Persistent Threat 10. Visma has 850,000 customers globally. In addition APT10 has been engaged in a cyberespionage campaign against a major US law firm involved in intellectual property law with clients in the pharmaceutical, technology, electronics, biomedical, and automotive sectors.
It might be too soon to jump to the conclusion the hack came from Russia considering the known Chinese interest in Visma.
Desert Tortoise
https://www.recordedfuture.com/apt10-cyberespionage-campaign/
Desert Tortoise
More on APT10:
https://www.msspalert.com/cybersecurity-breaches-and-attacks/apt10-attacked-msp-visma/
Desert Tortoise
For more than two years, the DHS’ National Cybersecurity and Communications Integration Center (NCCIC) has tracked hackers that are using advanced persistent threat (APT) tools aimed at breaking into the networks of both MSPs and CSPs and the infrastructure of their customers.
The threat actors are exploiting the trusted relationship between provider and customer, figuring that the provider commands delicate information that can get the bad actor inside the customer’s network.
In December, 2018, two Chinese nationalists were charged with hacking into U.S.-based MSPs to hit end-customer networks worldwide. The victims included major MSP wings of IBM and HP Enterprise at the time.
Two months earlier, the U.S. Department of Homeland Security warned MSPs and cloud services providers (CSPs) that cyber gangsters were targeting their systems and remote monitoring and management software to infiltrate end-customer networks.
In early January, Data Resolution, an MSP, help desk provider and Microsoft partner in California, was nailed by a Ryuk ransomware attack.
Desert Tortoise
Insikt and Rapid7 warned that APT10 is a major threat to large corporations worldwide. “We believe APT10 is the most significant Chinese state-sponsored cyber threat to global corporations known to date. On top of the breadth, volume, and targets of attacks that APT10 has conducted since at least 2016, we now know that these operations are being run by the [MSS],” said the analysts. APT10’s hackers operate under shell companies such as Huaying Haitai Science and Technology Development Co Ltd and under the direct supervision of their regional bureau in Tianjin,
P. Smith
Just ignore this as more hoaxes from the corrupt FBI. Or, send in the Space Force.
Commodore Perry
Russian-based hackers have been blamed for a string of ransomware attacks, and Biden recently raised the threat in talks with Russian counterpart Vladimir Putin.
Seems a stronger response is needed. Something beyond a whisper.
P. Smith
Biden should send in SEAL Team 6, and announce the mission beforehand simultaneously on Twitter and Fox “News.”