Cybersecurity researchers say they warned Kaseya of flaw in April

The Miami-based technology firm at the center of the worldwide security breach carried out by Russia-linked hackers was warned in early April of the cybersecurity vulnerability that the cybercriminal gang ultimately exploited.

A breach of the Florida technology firm Kaseya last week resulted in hundreds of companies around the world being immobilized, with schools, businesses, public sector groups and credit unions among those affected.

The Dutch Institute for Vulnerability Disclosure (DIVD) said in blog posts this week that it had discovered seven vulnerabilities in Kaseya’s system in April and confidentially informed the company.

“When we discovered the vulnerabilities in early April, it was evident to us that we could not let these vulnerabilities fall into the wrong hands,” DIVD said in a blog post on Wednesday. “After some deliberation, we decided that informing the vendor and awaiting the delivery of a patch was the right thing to do. We hypothesized that, in the wrong hands, these vulnerabilities could lead to the compromise of large numbers of computers managed by Kaseya VSA.”

The institute compared its discovery to finding a vulnerability in a high-end car. It argued that making these vulnerabilities public would have put Kaseya and its clients in danger of being exploited, even if the information released was limited.

“Unfortunately, the worst-case scenario came true on Friday the 2nd of July,” DIVD said. “Kaseya VSA was used in an attack to spread ransomware, and Kaseya was compelled to use the nuclear option: shutting down their Kaseya Cloud and advising customers to turn off their on-premise Kaseya VSA servers. A message that unfortunately arrived too late for some of their customers.”

The DIVD is still withholding details about the vulnerability until “Kaseya has released a patch and this patch has been installed on a sufficient number of systems.”

Hackers associated with the Russia-linked REvil ransomware gang have demanded $70 million in exchange for releasing Kaseya and its clients from the hack. Reports have indicated that the group may have privately lowered their monetary demands.

President Biden will meet with federal agency officials to discuss ways to combat the growing number of ransomware attacks in light of the most recent breach.

White House press secretary Jen Psaki said on Tuesday that Biden “will convene key leaders across the interagency, including the State Department, Department of Justice, DHS [Department of Homeland Security] and members of the intelligence community to discuss ransomware and our overall strategic efforts to counter it.”