Criminals Leverage Supply Chain Attack to Create Malware and Backdoors
Posted by: GuidePoint Security
Published: July 13, 2021, 2:16pm
Cybercriminals haven’t wasted any time taking advantage of the recent attack on a large cloud-based MSP platform services provider. Last week, researchers discovered phishing campaigns promoting fake fixes to prevent ransomware attacks related to “a vulnerability in Kaseya.” The phishing emails advise recipients to open an attachment and install a “Microsoft” update to protect against ransomware. The attachment, called SecurityUpdates.exe, launches the Cobalt Strike tool, which is then used to infiltrate the system and deploy malware.
On July 11th, the company issued a patch to address the three virtual system/server administrator (VSA) vulnerabilities (CVE-2021-30116, CVE-2021-30119, and CVE-2021-30120) used by the REvil ransomware gang to initiate the worldwide attack against the vendor and its customers. You can read more on the details of the attack on the cloud-based MSP platform vendor in our blog post from last week.
Next Steps
Organizations using the vulnerable cloud-based MSP platform are encouraged to update their systems immediately. Information on the update is available here.
In addition, businesses are advised to protect themselves from phishing and other malicious campaigns by installing a robust email security system. Organizations that believe they may be victims of ransomware are urged to work with a professional ransomware investigation and response team to perform a thorough examination and analysis and determine the best course of action to restore files and systems.