
The maxi ransomware attack in Kaseya also affects Italy, and makes us tremble

by admin

The ransomware attack on digital service provider Kaseya has so far affected some 200 companies and 40,000 computers. But there could be many more. This is why the American company recommends turning off its systems. And someone has already done it: the food chain Coop Sweden, for example, closed 500 branches as a preventive measure. The risk arises from a “supply chain” attack in which several Kaseya VSA servers were used to cascade ransomware from Kaseya service resellers to their customers, as explained in a detailed post by the computer security company Huntress on the blog where it is publishing minute-by-minute updates on the story. US President Joe Biden himself was alerted to the attack while on a flight, which did not land until it had been verified that there were no dangers associated with the attack. And the US cybersecurity agency CISA has warned everyone of the danger, as Kaseya’s software may have been compromised by the Russian-speaking cybercriminal group REvil / Sodinokibi, already known for targeted attacks on major companies such as meat giant JBS, Quanta Computer and the Spanish telephone operator MasMovil group. Attacks with which the group is said to have earned many millions of dollars in ransom.

Targets also hit in Italy

What is frightening now is that Italian researchers have discovered that Italy is vulnerable to this type of attack. The list of companies that use the compromised software, which Repubblica was able to consult (we avoid naming them for security reasons), includes major commercial players that sell management systems throughout the peninsula and provide IT services to the worlds of commerce, telephony and energy. For example, a national company that prepares the payslips of Italian universities. Among them are also organizations that provide connectivity and services to the world of Italian research and education, as well as large companies that provide certified mail and digital identities, financial intermediation and support for digital transformation. One of these, which we contacted, the Human Technopole of Milan, which deals with Life Sciences, noticed the problem immediately and promptly blocked its services.


According to Emanuele De Lucia, cybersecurity researcher, among the first to analyze the exposure of Italian companies: “It is a serious fact because the attack on the supply chain targets service providers such as managed service providers, or MSPs. These are strategic targets because as a result of their violation there is the concrete possibility for the attackers to compromise even thousands of customers of the supplier. Kaseya VSA is a very widespread service and mainly used in the US and UK. But this event has the potential to have repercussions at the level There are also certified victims in Europe and Australia. Italy has several companies and service providers in the technology sector that use this software suite and who should immediately address this problem in order to avoid serious consequences.” And in fact, according to the cybersecurity company Huntress Labs, which discovered it, this “could be one of the largest criminal attacks in history conducted with ransomware” since, having hit IT services, it could impact hundreds, perhaps thousands, of small and medium-sized companies.

What is Ransomware and how it works

Ransomware, it must be remembered, is a type of malware, that is, malicious software, which manages to take control of servers and computers, encrypting them and preventing their use by their legitimate owners until the latter pay a ransom. And often, whether it is paid or not, it involves not only the blocking of the affected systems but also the public exposure of the data of the companies concerned, with corresponding damage to reputation and image, according to a technique known as double extortion. Some have compared this ransomware to WannaCry, which blocked British healthcare in 2016, not only because of its devastating effects but also because it behaves in a similar way, like a worm (a type of virus) that spreads automatically, reaching the resellers of the services and, through them, end users, without any intervention by the attackers or victims.


The ransomware hits Microsoft Windows, and the worst part is that, according to initial analyses, it is able to evade Windows Defender, extending the attack to the entire affected network. However, experts also warn of the risk of infection reaching IoT (Internet of Things) services, that is, the ones that connect sensors and actuators in home automation and smart buildings and the printers and refrigerators found in every office, but also the sensor networks that manage water and energy supply flows.

Kaseya software runs with high execution privileges and requires antivirus exclusions for certain components of the system it runs on. “Ideal conditions for an attacker,” according to Pierluigi Paganini, cybersecurity expert at the head of CybHorus. “However, the rapid spread of indicators of compromise related to this attack is making it possible to mitigate its effects like never before. Think of the case of Holland, a country where in a few hours the number of potentially vulnerable Kaseya VSA software installations was eliminated thanks to the intervention of the national incident response structures.”
