CISA and the Federal Bureau of Investigation (FBI) continue to respond to the latest ransomware attack on the supply chain that exploited a vulnerability in Kaseya VSA software against multiple managed service providers (MSPs) and their customers. CISA and FBI urge affected MSPs and their customers to follow the guidelines below.

CISA and FBI recommend affected MSPs:

  • Download the. down Kaseya VSA detection tool. This tool analyzes a system (either VSA server or managed endpoint) and determines if there are any indicators of a compromise (IoC).
  • Enable and enforce Multi-Factor Authentication (MFA) for every single account under the control of the company, and enable and enforce MFA as much as possible for customer-facing services.
  • Implement allow lists to limit communications with remote monitoring and management functions (RMM) to known IP address pairs; and / or
  • Place the RMM management interfaces behind a virtual private network (VPN) or firewall on a dedicated management network.

CISA and FBI recommend that MSP customers affected by this attack take immediate action to implement the following cybersecurity best practices. Note: These actions are especially important for MSP customers whose RMM service is currently down due to the Kaseya attack.

CISA and FBI recommend affected MSP customers:

  • Make sure backups are up to date and stored in an easily accessible location away from the corporate network;
  • Return to a manual patch management process that follows the vendor’s guidance, including installing new patches as they become available;
  • To implement:
    • Multi-factor authentication; and
    • Principle of least authorization for administrator accounts of the most important network resources.


CISA and FBI are making these resources available for reader awareness. CISA and FBI do not endorse or guarantee the accuracy of the linked resources.

Read more under KAG

(Visited 40 times, 40 visits today)

Source link
#CISAFBI #Guide #MSPs #Customers #Affected #Kaseya #VSA #Supply #Chain #Ransomware #Attack #Homeland #Security #Today

Leave a Reply