[HN Gopher] REvil ransomware executes supply chain attack via ma...
       ___________________________________________________________________
        
       REvil ransomware executes supply chain attack via malicious Kaseya
       update
        
       Author : afrcnc
       Score  : 45 points
       Date   : 2021-07-02 20:19 UTC (2 hours ago)
        
 (HTM) web link (therecord.media)
 (TXT) w3m dump (therecord.media)
        
       | jnichols35 wrote:
       | This article is terrible, the reddit thread is far more useful.
        
         | campuscodi wrote:
         | My article isn't meant to serve as an IR report. There are
         | links in it for incident responders looking for IOCs, but they
         | are not the intended audience.
        
         | meepmorp wrote:
         | Thanks for the link!
        
         | aliasEli wrote:
         | There were some other submissions about Kaseya, but this one is
         | the first one that describes the problem for us outsiders.
        
         | mjcl wrote:
         | Not sure if this is the thread you were referencing, but it is
         | useful:
         | https://old.reddit.com/r/msp/comments/ocggbv/crticial_ransom...
        
       | roody15 wrote:
       | Tinfoil Hat Disclaimer:
       | 
       | Large ransomware attacks hitting on-premise solutions make me
       | suspect that perhaps there is a coordinated effort to help
       | "push" people to the cloud.
       | 
       | The massive Microsoft Exchange exploit only affecting on premise
       | or hybrid installations. New Kaseya ... on premise installations
       | affected.... not newer cloud offerings.
       | 
       | Update: After reading the actual article .. I retract my
       | conspiratorial ramblings...
       | 
       | "They brought their entire cloud offline. Short of screaming
       | "We've been hacked!" it's pretty certain that they feel its
       | origin is them."
        
         | TecoAndJix wrote:
         | On premises solutions leave infrastructure security decisions
         | to the customer. Unless you are a Fortune 500, extremely
         | security conscious, or under regulatory requirements, there is
         | a good chance your security program is not complete and has
         | gaps. Centralized hosting and management (SaaS, PaaS model) has
         | the advantage of security at scale. It also leaves all your
         | eggs in one basket... On-Prem is great IF you have your shit
         | together AND you trust your appliance management better than
         | the cloud provider.
        
           | [deleted]
        
       | wydfre wrote:
       | I bought an Asus because of this hack[0]. Personally I believe in
       | security through insecurity. It's not working out.
       | 
       | [0]: https://www.vice.com/en/article/pan9wn/hackers-hijacked-
       | asus...
        
         | Neil44 wrote:
         | This issue is not related to Asus laptops.
        
           | wydfre wrote:
           | I know, but supply-chain attacks are being noted as 'new'
           | since SolarWinds.
        
       | esens wrote:
       | MSPs are so often the security vulnerability themselves these
       | days, rather than being a security benefit. This isn't the first
       | time this has happened and won't be the last.
       | 
       | How many people are affected this time?
       | 
       | SolarWinds Orion exploit was the basis of the US government hack.
       | Kaseya here is ransomware. Is ConnectWise next?
        
         | bsder wrote:
         | Maximally efficient is minimally robust.
        
       ___________________________________________________________________
       (page generated 2021-07-02 23:01 UTC)