Kaseya ransomware attack
Angrebet på Kaseya, som er et remote access produkt, der bruges af it service providers bestod i, at en gruppe hackere fandt og udnyttede en sårbarhed i produktet. De anvendte følgende denne sårbarhed som platform til at udføre et Ransomware angreb.
Se vores Head of Security Research, Charl van der Walt kommentere angrebet på BBC World News.
Kontakt Niels Bødkerholm, hvis du vil vide mere på tlf 4012 1185 eller på mail: firstname.lastname@example.org
What to do if you suspect you are affected
Kaseya has put up a set of IOCs that you can check on their website as well as some more detailed information.
Keep calm and focus
Establish emergency response procedures and systems, and make sure you have runbooks and alert procedures in place
Review backup & disaster recovery
Make sure your backups are safe and available in case you need them
Prepare support for your employees
Establish a security support hotline and prepare to expand the team providing support
Reach out to CSIRT
In case of an actual attack you can reach out to our Emergency Team. Be aware that in times of global crisis our CSIRT teams might already be booked.
Supply chain attacks do not happen by coincidence. They are the inevitable result of a cyber-climate that is driven by strong systemic forces. Some of these forces can be controlled or at least influenced, others can be prepared for. Understanding what these forces are, and how they are linked, is key in better preparing for the next supply chain attack which we will confront.
Based on the SolarWinds attack we have created a whitepaper that examins these factors in detail.Whitepaper: Winds of change – causes and implications of the SolarWinds compromise