Kaseya Warns Of Hackers Emailing Fake Security Updates

Share post:

Kaseya cautioned its customers that an ongoing phishing campaign is attempting to hack their networks by sending emails with malicious attachments and embedded links that pose as VSA security updates.

While Kaseya gave no further details on the attacks, the warning is the latest in a series of malspam emails targeting Kaseya customers with Cobalt Strike payloads.

The ultimate goal of the attackers is to install Cobal Strike beacons on the recipient’s devices to backdoor them and steal sensitive information or deliver other malicious software payloads.

As soon as the targets run the malicious attachment or download the fake Microsoft update and run it on their devices, the attackers gain permanent remote access to the now compromised systems.

Since Kaseya has so far failed to find a solution to REvil’s VSA zero-day breach, some of its customers may fall for the tricks of this campaign.

The infamous REvil ransomware attack, which hit Kaseya and around 1,500 of its direct customers and downstream companies, makes for a perfect lure theme.

After the attack became public, CISA and the FBI issued steps to deal with the aftermath of the attack, and the White House National Security Council urged victims to follow the instructions issued by Kaseya and report incidents to the FBI.

Despite the enormous scope of the attack, however, several victims stated that their backups were not affected and they restored the systems instead of paying the ransom.

Victims who ultimately pay the ransoms of REvil are likely to do so only because their backups have failed, or because they had none at all.

For more information, read the original story in Bleeping Computer.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Leaked documents may show the inside of China’s hacking strategy

Documents apparently stolen by disgruntled employees to embarrass their firm may give insight into China's cyber

Abuse of valid accounts by threat actors hits a high, says IBM

Attackers are finding that obtaining valid credentials is an easier route to achieving their goals, s

Cyber Security Today, Feb. 21, 2024 – A patch warning from ConnectWise, the latest ransomware news, and more

This episode reports on a report comparing business email compromise attacks against ransomware

UK leads takedown of LockBit ransomware gang’s website

The LockBit ransomware gang’s website has been seized, several news agencies reported late Monday. The Reuters news agency and The Register are carrying stories based on a new splash screen that has appeared on the gang’s website. It says, “This site is now under the control of the National Crime Agency of the UK, working

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways