GandCrab ransomware gang infects customers of remote IT support firms

February 17, 2019
in Internet Security

Hackers have used a two-year-old vulnerability in a software package used by remote IT support firms to gain a foothold on vulnerable networks and deploy the GandCrab ransomware on those companies’ customer workstations.

At least one company has been hit already, according to a report on Reddit, confirmed by cyber-security firm Huntress Labs.

The vulnerability used by the hackers impacts the Kaseya plugin for the ConnectWise Manage software, a professional services automation (PSA) product used by IT support firms.

The Kaseya VSA plugin allows companies to link data from the Kaseya VSA remote monitoring and management solution to a ConnectWise dashboard.

Many small IT firms and other types of managed service providers (MSPs) use the two applications to centralize data from their clients and manage customer workstations from a remote central location.

In November 2017, a security researcher named Alex Wilson discovered an SQL injection vulnerability (CVE-2017-18362) in this plugin that could allow an attacker to create new administrator accounts on the main Kaseya app. He also published proof-of-concept code on GitHub that could automate the attack.

Kaseya released patches at the time. However, based on new evidence, it appears that many companies failed to install the updated Kaseya plugin on their ConnectWise dashboards, leaving their networks exposed.

Attacks exploiting this vulnerability started two weeks ago, around the end of January 2019. One report posted on Reddit describes an incident in which hackers breached an MSP’s network and then deployed GandCrab ransomware to 80 customer workstations.

A now-deleted tweet that ZDNet wasn’t able to verify claimed that hackers used the same attack routine to infect other MSPs, locking more than 1,500 workstations.

ConnectWise has issued a security alert in response to the growing number of reports surrounding these ransomware attacks, advising users to update their ConnectWise Manage Kaseya plugin. The company said that only companies “who have the Plugin installed on their on-premises [Kaseya] VSA” are impacted.

In an interview with MSSP Alert, a tech news site focused on the MSP sector, Kaseya executive VP of marketing and communications Taunia Kipp said they’ve identified 126 companies who failed to update the plugin and were still at risk.

“We posted a notification/support article to our support help desk and immediately started reaching out via phone/email to those identified who were at risk of impact with resolution,” she said.

Huntress Labs researchers, who said they had “first-hand knowledge” of the incident involving 80 customer workstations that got infected with GandCrab, had some advice for companies that are still running outdated versions of the Kaseya plugin.

The first thing you should do is to immediately disconnect your VSA server from the internet until you can be sure it hasn’t already been infected. While the attacks we saw this week immediately deployed ransomware, it’s entirely possible other attackers have known about this vulnerability and may already have a foothold within your system. Disconnecting the VSA server will at least prevent it from deploying ransomware while you investigate.

Next, you should thoroughly audit your VSA server and any other critical infrastructure for suspicious/malicious footholds, suspicious accounts, etc. We know this can be a tedious and lengthy process but want you to understand the risks associated with attacker access of this level.

Finally, remove the ManagedITSync integration and replace it with the newest version prior to re-connecting your VSA server to the internet.
