By Eskil Sørensen, 05/07/21
Shutdown of Kaseya's VSA servers part of a REvil supply-chain attack against MSPs (Managed Service Providers) and their customers (including COOP Sverige)
"A massive REvil ransomware attack affects multiple managed service providers and their clients through a reported Kaseya supply-chain attack. Starting this afternoon, the REvil ransomware gang, aka Sodinokibi, targeted MSPs with thousands of customers, through what appears to be a Kaseya VSA supply-chain attack. At this time, there are eight known large MSPs that have been hit as part of this supply-chain attack."
<https://blog.malwarebytes.com/cybercrime/2021/07/shutdown-kaseya-vsa-servers-now-amidst-cascading-revil-attack-against-msps-clients/>
<https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689>
<https://www.reddit.com/r/msp/comments/ocggbv/crticial_ransomware_incident_in_progress/>
<https://us-cert.cisa.gov/ncas/current-activity/2021/07/02/kaseya-vsa-supply-chain-ransomware-attack>
<https://www.bleepingcomputer.com/news/security/revil-ransomware-hits-1-000-plus-companies-in-msp-supply-chain-attack/>
<https://therecord.media/revil-ransomware-executes-supply-chain-attack-via-malicious-kaseya-update/>
<https://www.cyberscoop.com/kaseya-revil-ransomware/>
<https://community.sophos.com/b/security-blog/posts/active-ransomware-attack-on-kaseya-customers>
<https://www.itnews.com.au/news/kaseya-supply-chain-ransomware-attack-hits-msp-customers-566858>
<https://doublepulsar.com/kaseya-supply-chain-attack-delivers-mass-ransomware-event-to-us-companies-76e4ec6ec64b>
<https://www.bloomberg.com/news/articles/2021-07-02/russia-linked-group-hacks-about-200-businesses-with-ransomware>
<https://blog.talosintelligence.com/2021/07/revil-ransomware-actors-attack-kaseya.html>
<https://www.nytimes.com/2021/07/02/technology/kaseya-a-software-provider-investigates-potential-cyberattack.html>
<https://www.straitstimes.com/world/europe/major-swedish-supermarket-chain-hit-by-cyber-attack>
<https://thehackernews.com/2021/07/kaseya-revil-ransomware-attack.html>
<https://www.bankinfosecurity.com/kaseya-focus-new-supply-chain-ransomware-attack-a-16986>
<https://www.hackread.com/revil-ransomware-targets-1000-business/>
<https://securityaffairs.co/wordpress/119650/cyber-crime/kaseya-vsa-supply-chain-ransomware-attack.html>
<https://www.securityweek.com/it-software-firm-kaseya-hit-supply-chain-ransomware-attack>
<https://unit42.paloaltonetworks.com/threat-brief-kaseya-vsa-ransomware-attacks/>
<https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/kaseya-ransomware-supply-chain>
<https://www.cadosecurity.com/post/resources-for-dfir-professionals-responding-to-the-revil-ransomware-kaseya-supply-chain-attack>
<https://www.nytimes.com/2021/07/02/technology/cyberattack-businesses-ransom.html>
<https://securityaffairs.co/wordpress/119688/cyber-crime/kaseya-zero-day-revil.html>
<https://www.bankinfosecurity.com/interviews/kaseya-ransomware-largest-attack-ive-witnessed-so-far-i-4926>
<https://www.bankinfosecurity.com/biden-orders-investigation-kaseya-ransomware-attack-a-16986>
<https://www.bleepingcomputer.com/news/security/kaseya-was-fixing-zero-day-just-as-revil-ransomware-sprung-their-attack/>
<https://www.bleepingcomputer.com/news/security/revil-is-increasing-ransoms-for-kaseya-ransomware-attack-victims/>
<https://us-cert.cisa.gov/ncas/current-activity/2021/07/04/cisa-fbi-guidance-msps-and-their-customers-affected-kaseya-vsa>
<https://therecord.media/kaseya-zero-day-involved-in-ransomware-attack-patches-coming/>
<https://www.welivesecurity.com/2021/07/03/kaseya-supply-chain-attack-what-we-know-so-far/>
Microsoft releases emergency update for the Windows PrintNightmare zero-day vulnerability
"Microsoft has released the KB5004945 emergency security update to address the actively exploited PrintNightmare zero-day vulnerability in the Windows Print Spooler service impacting all Windows versions. However, the patch is incomplete and the vulnerability can still be locally exploited to gain SYSTEM privileges."
<https://www.bleepingcomputer.com/news/security/microsoft-pushes-emergency-update-for-windows-printnightmare-zero-day/>
<https://therecord.media/microsoft-releases-out-of-band-fix-for-printnightmare-vulnerability/>
<https://us-cert.cisa.gov/ncas/current-activity/2021/07/06/microsoft-releases-out-band-security-updates-printnightmare>
<https://www.bankinfosecurity.com/microsoft-issues-new-mitigation-advice-on-printnightmare-a-16989>
<https://www.securityweek.com/microsoft-ships-emergency-patch-critical-windows-printnightmare-vulnerability>
How to curb ransomware? International cooperation and disrupting payments are key, according to experts
"Anti-ransomware acts or regulations will require global cooperation, experts say. In the meantime, ransomware victims should cooperate quickly and fully with authorities."