Last week, the ransomware group REvil compromised Virtual System Administrator (VSA), a product of the MSP provider Kaseya, in order to inject ransomware into the computer systems of companies and organizations around the world.
The cybercriminals exploited zero-day vulnerabilities in VSA during the attack. It has now emerged that the supplier was informed about these problems back in April of this year, but the patch for CVE-2021-30116 could not be prepared in time.
Specialists from the Dutch non-profit organization DIVD (Dutch Institute for Vulnerability Disclosure) privately reported seven vulnerabilities in VSA to Kaseya. Four were fixed with the release of security updates in April and May of this year. The remaining three should be fixed in the next version, VSA 9.5.7.
Unfortunately, one of these unpatched issues (CVE-2021-30116) was exploited by ransomware prior to the release of the patch.
According to some experts, the criminals used a combination of three zero-day vulnerabilities to attack VSA: an authentication bypass, an arbitrary file upload, and a code injection.