For 21 years, the software company Kaseya worked in relative obscurity, at least until cybercriminals exploited it in early July for a massive ransomware attack that disrupted companies around the world and escalated diplomatic tensions between the US and Russia.
However, it turns out that the recent hack wasn’t the first major cybersecurity problem to hit the Miami-based company and its core product, which IT teams use to remotely monitor and manage computer systems and other devices in the workplace.
“It feels a bit like déjà vu,” said Allie Mellen, a security analyst at Forrester Research.
For example, in 2018, hackers managed to infiltrate Kaseya’s remote tool to run a “cryptojacking” operation, which channels the computing power of affected computers into mining cryptocurrencies, often without the victims noticing. It was a less damaging attack than the most recent ransomware attack, which could not be missed because it crippled affected systems until their owners paid. But it similarly relied on Kaseya’s Virtual System Administrator (VSA) product to gain access to the companies that depend on it.
A 2019 ransomware attack also infiltrated computers through another company’s add-on software component to the Kaseya VSA, causing less damage than the most recent attack. Some experts have linked this earlier attack to some of the same hackers who later founded REvil, the Russian-speaking syndicate that was blamed for the most recent attack.
And in 2014, Kaseya’s own founders sued the company over responsibility for a VSA vulnerability that allowed hackers to launch a separate cryptocurrency system. Aside from a brief mention in a 2015 technical blog post, the court case appears not to have been previously reported. At the time, the founders denied responsibility for the vulnerability, describing the company’s charges against them as a “false claim.”
Almost all of Kaseya’s security problems are rooted in well-understood coding vulnerabilities that should have been fixed sooner, said cybersecurity expert Katie Moussouris, founder and CEO of Luta Security.
“Kaseya has to shape itself, as does the entire software industry,” she said. “This is a failure to take into account the lessons the beetles taught you. Kaseya, like many companies, fails to learn from these lessons.”
Many of the attacks were based at least in part on so-called SQL injection, a technique that hackers use to inject malicious code into web queries.