Kaseya ransomware attack

The attack on Kaseya, a remote access product used by IT service providers, consisted of a group of hackers finding and exploiting a vulnerability in the product. They then used this vulnerability as a platform to carry out a ransomware attack.

See our Head of Security Research, Charl van der Walt, comment on the attack on BBC World News.

Contact Niels Bødkerholm if you would like to know more, by phone on 4012 1185 or by email: niels.bodkerholm@orangecyberdefense.com

 

What to do if you suspect you are affected

Check IOCs

Kaseya has published a set of IOCs, along with more detailed information, on their website for you to check against.

Keep calm and focus

Establish emergency response procedures and systems, and make sure you have runbooks and alert procedures in place.

Review backup & disaster recovery

Make sure your backups are safe and available in case you need them.

Prepare support for your employees

Establish a security support hotline and prepare to expand the team providing support.


Reach out to CSIRT

In case of an actual attack, you can reach out to our Emergency Team. Be aware that in times of global crisis our CSIRT teams might already be booked.

The background

Supply chain attacks do not happen by coincidence. They are the inevitable result of a cyber-climate that is driven by strong systemic forces. Some of these forces can be controlled or at least influenced; others can be prepared for. Understanding what these forces are, and how they are linked, is key to preparing better for the next supply chain attack we will confront.

Based on the SolarWinds attack, we have created a whitepaper that examines these factors in detail.

Whitepaper: Winds of change – causes and implications of the SolarWinds compromise