Kaseya fixes VSA. REvil disappears. Facebook takes down Iranian hacking campaign.

Kaseya fixes VSA (and the US wants Russian action against REvil).

Kaseya this past Sunday afternoon pushed fixes for VSA’s on-premises and SaaS versions. At 8:00 AM the company’s update indicated that patching was proceeding quickly:

“As posted in the previous update we released the patch to VSA On-Premises customers and began deploying to our VSA SaaS Infrastructure prior to the 4:00 PM target. The restoration of services is now complete, with 100% of our SaaS customers live as of 3:30 AM US EDT. Our support teams continue to work with VSA On-Premises customers who have requested assistance with the patch.”

The general consensus is that REvil operates with at least the knowledge, and probably the tacit approval and encouragement, of the Russian government. The joint enforcement action the US has requested of Russia has not materialized, GovInfoSecurity notes. Moscow is standing on ceremony as it expresses its commitment to the rule of law (as the Register puts it, “with a straight face”) but so far there are few if any signs of Russian authorities taking action against the gangs that operate with impunity from its territory.

In an hour-long phone call on Friday, July 9th, US President Biden communicated his expectations concerning ransomware operations to Russian President Putin. Reuters reports that in President Biden’s estimation the call “went well,” and that he expects Russian cooperation against gangs like REvil. Should expected Russian cooperation not be forthcoming, President Biden said the US was prepared to take certain actions on its own. He and Administration officials declined to say what such actions might be. At the White House daily press conference on Friday, Press Secretary Psaki said President Biden “underscored the need for President Putin to take action to disrupt these ransomware groups.”

The CyberWire’s coverage of the incident so far may be found here:

REvil disappears.

REvil’s disappearance early Tuesday morning from its usual online haunts (including the HappyBlog) remains unexplained. The New York Times and others note that the vanishing followed a US request that Russia do something about ransomware gangs operating from its territory, but it’s…


Ransomware-as-a-service business model takes a hit in the aftermath of the Colonial Pipeline attack

Cybercrime gangs are finding it harder to recruit partners for the affiliate programs that power ransomware attacks.

The best way to stop the ever-increasing wave of ransomware attacks is to take away the financial incentive behind these cyber crimes. The response to the Colonial Pipeline ransomware attack may be the first step in doing just that. Both governments and hacker forums have made it harder for ransomware gangs to use the ransomware-as-a-service (RaaS) model. This scalable business model requires several groups: engineers to write encryption software, network penetration experts to find and compromise targets and professional negotiators to ensure maximum payout. 

Bryan Oliver, a senior analyst at Flashpoint, said that the response from governments in the wake of the Colonial Pipeline attack has made it harder for ransomware groups to recruit partners.

“The main result of government action has been the banning of ransomware group recruitment from the top tier underground Russian forums,” Oliver said.  

Oliver said this change will not end ransomware attacks any time soon, but it is a significant step because it makes the ransomware-as-a-service model less profitable.

“The Exploit and XSS forums were the recruiting grounds for these ransomware groups, and losing access to those means losing access to new partners,” he said.

Oliver said that the administrators of these forums also banned the DarkSide collective in mid-May and distributed their deposit of roughly $1 million to DarkSide “partners” who claimed they had not been paid by DarkSide. 

“They have also since removed posts from their forums related to ransomware recruitment,” he said.

Amit Serper, Guardicore’s vice president of research for North America, said that he hopes to see a change in ransomware attacks with the U.S. and other national governments stepping up their fight against bad actors.

“The fact that the U.S. government managed to seize some of the funds that were paid by Colonial sets an interesting…


Securing the Apple mobile enterprise takes context

Apple’s presence has expanded from being the brand behind a few Macs in the creative department; it is now a key mobile and productivity provider across every top enterprise. But even Apple’s platforms face security challenges as people work remotely. I caught up with Truce Software CEO Joe Boyle to discuss Apple in the workplace and his company’s approach to managing the mobile enterprise.

Apple goes to work

“It feels like Apple and the enterprise are practically synonymous today,” Boyle said.

Even those companies that don’t issue Macs and iPhones themselves are likely to support their use by employees. “With a growing ecosystem of enterprise partners available, it has become possible to completely outsource and automate the entire lifecycle of Apple devices,” he said.

“The consumerization of IT has caused a seismic shift in favor of Apple’s growing presence in the enterprise. From an enterprise mobility standpoint, we’ve seen growth and expansion of Apple devices across various industries and use cases. Companies want to leverage the power of the iOS platform to enable a more connected and better-equipped workforce.”

There are other trends, too:

  • Employees increasingly use their own devices and computers for work.
  • They are more engaged than ever in the tech they use.
  • Businesses are adopting a mobile-first approach.

This trend has also driven a change in business processes, said Boyle. “Businesses have transformed workflow processes to be mobile friendly (if not mobile first) to make workers, and operations overall, more efficient,” he said.


TrickBot Takes Over, After Cops Kneecap Emotet – Threatpost
