Kaseya VSA Supply Chain Attack Victims Now Face Phishing, Other Scams

Spammers are taking advantage of the news about the ransomware attack.

Edward Gately, Senior News Editor

July 9, 2021

2 Min Read
phishing
Shutterstock

Spammers are targeting victims of last weekend’s Kaseya VSA supply chain ransomware attack with phishing schemes and other malicious tactics.

The Kaseya VSA supply chain ransomware attack impacted about four-dozen customers. That includes 35 MSPs. About 1,500 of their customers also suffered.

In its latest alert to customers, Kaseya said spammers are using the news about the incident to send out fake email notifications that appear to be Kaseya updates.

“These are phishing emails that may contain malicious links and/or attachments,” it said. “Spammers may also be making phone calls claiming to be a Kaseya partner reaching out to help. Kaseya is not having any partners reach out. Do not respond to any phone calls claiming to be a Kaseya partner. Do not click on any links or download any attachments in emails claiming to be a Kaseya advisory.”

Moving forward, all new Kaseya email updates won’t contain any links or attachments, the company said.

Vulnerabilities Fixed

The attackers breached Kaseya VSA, just one of the company’s 27 modules. Kaseya VSA is its remote monitoring and management (RMM) service. All of the MSPs were using the VSA on-premises product.

VSA, both on-premises and SaaS, should be back Sunday afternoon. Both were previously expected to be back up this week.

In the meantime, Dan Timpson, Kaseya’s CTO, said the vulnerabilities that led to the attack have been fixed.

Timpson-Dan_Kaseya.jpg

Kaseya’s Dan Timpson

“First and foremost from a software or code perspective, we have fixed the vulnerabilities in our software for on premises and our cloud,” he said. “We’ve documented the fixes and we’ve had those peer-reviewed by the external parties. We’re also looking at our internal process controls from deployment and how we deploy to the cloud, and we’ve updated our runbooks as a result. So in effect, what we’re doing as a company is adding a lot more rigor to our processes, our deployment, to the code base, to keep everyone safe and to improve the overall security posture of our products.”

The fact that the malicious hackers were only able to breach VSA was by design, Timpson said. With the IT Complete platform’s modular design, it will “segment and protect the rest of our customer population in those technologies.”

Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.

Read more about:

MSPs

About the Author

Edward Gately

Senior News Editor, Channel Futures

As senior news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like