Kaseya Ransomware Attack Triggers Race to Hack Other Managed Services Providers

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360

A ransomware attack in July that paralyzed as many as 1,500 organizations by compromising tech-management software from a company called Kaseya has set off a race among criminals looking for similar vulnerabilities, cyber security experts said.

An affiliate of a top Russian-speaking ransomware gang known as REvil used two gaping flaws in software from Florida-based Kaseya to break into about 50 managed services providers (MSPs) that used its products, investigators said.

Now that criminals see how powerful MSP attacks can be, “they are already busy, they have already moved on and we don’t know where,” said Victor Gevers, head of the non-profit Dutch Institute for Vulnerability Disclosure, which warned Kaseya of the weaknesses before the attack.

“This is going to happen again and again.”

Gevers said his researchers had discovered similar vulnerabilities in more MSPs. He declined to name the firms because they have not yet fixed all the problems.

Managed service providers include companies such as IBM and Accenture offering cloud versions of popular software and specialist firms devoted to specific industries. They typically serve small and medium-sized firms that lack in-house technology capabilities and often boost security.

But MSPs also make an efficient vehicle for ransomware because they have wide access inside many of their customers’ networks. Kaseya’s software serves many MSPs, so the attacks multiplied before Kaseya could warn everyone, rapidly encrypting data and demanding ransoms of as much as $5 million per victim.

The business of MSPs has boomed during the coronavirus pandemic alongside the rapid increase in remote work.

“That’s where you find the trusted access to customers’ systems,” said Chris Krebs, the first leader of the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), which has made ransomware a top priority. “It’s a much more economical approach to launch a breakout attack. And it’s hard for the customer to defend.”

Bugcrowd Inc, one of several platforms where researchers can report vulnerabilities, has also seen security flaws as bad as Kaseya’s, said Bugcrowd Chief…