fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

CISA, FBI Share Guidance For Victims of Kaseya Ransomware Attack

CISA, FBI Share Guidance For Victims of Kaseya Ransomware Attack

CISA and the Federal Bureau of Investigation (FBI) have shared guidance for managed service providers (MSPs) and their customers impacted by the REvil supply-chain ransomware attack that hit the systems of Kaseya’s cloud-based MSP platform.

The two federal agencies advise MSPs affected by the Friday REvil attack to further check their systems for signs of compromise using a detection tool provided by Kaseya over the weekend and enable multi-factor authentication (MFA) on as many accounts as possible.

Furthermore, MSPs should also implement allowlists to limit access to their internal assets and protect their remote monitoring tools’ admin interface using firewalls or VPNs.

The complete list of recommendations shared by CISA and the FBI for impacted MSPs includes:

  • Download the Kaseya VSA Detection Tool. This tool analyzes a system (either VSA server or managed endpoint) and determines whether any indicators of compromise (IoC) are present.    
  • Enable and enforce multi-factor authentication (MFA) on every single account that is under the control of the organization, and—to the maximum extent possible—enable and enforce MFA for customer-facing services.
  • Implement allowlisting to limit communication with remote monitoring and management (RMM) capabilities to known IP address pairs, and/or
  • Place administrative interfaces of RMM behind a virtual private network (VPN) or a firewall on a dedicated administrative network.

Also Read: PDPA Singapore Guidelines: 16 Key Concepts For Your Business

MSP customers affected by the attack are advised to use and enforce MFA wherever possible and protect their backups by placing them on air-gapped systems.

CISA and the FBI advise affected MSP customers to:

  • Ensure backups are up to date and stored in an easily retrievable location that is air-gapped from the organizational network;
  • Revert to a manual patch management process that follows vendor remediation guidance, including the installation of new patches as soon as they become available;
  • Implement MFA and principle of least privilege on key network resources admin accounts.

CISA and FBI involved in the incident-handling process

The two federal agencies are involved in the worldwide incident-handling process for impacted Kaseya customers and are urging all affected MSPs and their customers to follow the guidance shared above.

“Due to the potential scale of this incident, the FBI and CISA may be unable to respond to each victim individually, but all information we receive will be useful in countering this threat,” the FBI said in an official statement issued over the weekend.

The White House National Security Council has also urged victims of this large-scale supply-chain attack to report the incident to the Internet Crime Complaint Center.

Victims were also advised to follow the guidance issued by Kaseya, including shutting down their VSA servers, as well as implementing CISA’s and FBI’s mitigation techniques.

REvil hits Kaseya customers in largest ever ransomware attack

The massive REvil ransomware attack hit multiple managed service providers who are using Kaseya’s cloud-based MSP platform for patch management and client monitoring for their customers.

In all, more than 1,000 customers of 20 MSPs had their systems encrypted in the attack carefully planned to launch on midday Friday as it lined up with the US July 4th weekend, when it’s common for staff to have shorter workdays.

To breach Kaseya on-premises VSA servers, the REvil affiliate behind the attack used a zero-day vulnerability (CVE-2021-30116) — Kaseya VSA is a RMM (Remote Monitoring and Management) software.

As BleepingComputer later found, Kaseya was in the process of patching after being reported privately by researchers at Dutch Institute for Vulnerability Disclosure (DIVD).

However, the REvil affiliate got their hands on the vulnerability’s details and managed to exploit it before Kaseya could start tolling out a validated fix to its customers.

The REvil ransomware group claims to have encrypted over 1,000,000 systems and first demanded $70 million for a universal decryptor to decrypt all Kaseya attack victims. However, today, its operators have quickly loweried the price to $50 million.

This is the highest ransom demand to date, the previous record also belonging to REvil, asking $50 million after attacking Taiwanese electronic and computer maker Acer.

Also Read: Data Protection Officer Singapore | 10 FAQs

This is not the first time REvil ransomware was used in attacks hitting MSPs, with at least one of their affiliates having knowledge of the tech used by MSPs as they have previously exploited in previous incidents.

In June 2019, one of REvil’s affiliates targeted MSPs via Remote Desktop using their management software to deliver ransomware installers to all of the customer endpoints they managed.

The same affiliate is also believed to have previously worked with GandCrab in attacks that compromised MSPs’ networks in January 2019.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us