Even four days after the severe hacker attack on the systems of the American IT service provider Kaseya, experts are still puzzling over the extent of the damage that the cybercriminals have caused.
Kaseya itself emphasizes that only a mid double-digit number of its customers has been affected so far. Among those customers, however, are other service providers.
They use Kaseya’s VSA remote maintenance software to manage their own customers’ IT systems, many of them medium-sized businesses, and, among other things, to push software updates to them.
This threatens a kind of domino effect, so that the initial attack could have spread to far more victims than those counted so far. The hacker group REvil, which claims to have carried out the attack, claims to have infected more than a million computers with the Sodinokibi ransomware.
With the same ransomware, REvil had already attacked the Brazilian company JBS, the world’s largest meat producer, at the beginning of June and quickly paralyzed its operations.
REvil is demanding a ransom of 70 million dollars from the US company to release the Kaseya systems, payable in the digital currency Bitcoin.
Not only would it be one of the most significant cyber-attacks to date, but it would also be the highest ransom demand to date, ahead of the 50 million dollar demand made against the Taiwanese computer group Acer in March of this year.
According to the site EarthWeb, the alleged million affected computers are more a blackmailers’ threat than reality. So far, at least, the number of known cases has been in the five-digit rather than the seven-digit range.
The IT service provider Huntress, for example, reports that more than 1,000 companies worldwide have had computers encrypted.
According to the crypto trading company bitcoins, the attack attempts discovered so far are concentrated in the USA, Canada, Great Britain, South Africa, Colombia, and Germany; overall, companies in 17 countries are affected.
In Germany, the Federal Office for Information Security (BSI) reports “several thousand IT devices” encrypted as of Monday afternoon.
According to the BSI’s current knowledge, neither critical infrastructures nor the federal administration are affected. However, the situation is still developing dynamically.
As Practical as It Is, Sneaky
In the end, much more important than the absolute number of encrypted systems are the lessons that companies must draw from the type of attack and the strategy the hackers used, in order to protect themselves against similar attacks in the future.
What makes the procedure so perfidious and so effective at the same time is that the hackers do not attack the target company directly. Instead, they go through an intermediary, so to speak, and initially target an external victim.
In this specific case, that intermediary is the company Kaseya, whose VSA software thousands of IT service providers worldwide use to support their customers.
So it is irrelevant whether the hackers managed to get into the VSA service via a poorly secured login, as the IT experts at Huntress report, or whether they exploited a previously unknown vulnerability in the software, as specialists at the Dutch IT security institute DIVD reported on Sunday.
What is crucial, and therefore so dangerous, is that both Kaseya and the service providers that use VSA are trusted by their customers. So if hackers succeed in penetrating the systems of one of these external partners, they can usually break into those customers’ IT without major hurdles, and install malware there, for example Sodinokibi.
“These so-called ‘supply chain’ attacks, which start in the digital ‘supply chain’ of companies, have increased dramatically in recent years,” says Thomas Uhlemann, IT specialist at ESET in Jena. “Between November 2020 and February 2021 alone, we documented four major attack waves of this type worldwide.”
In the case of the severe cyber-attack on ten US government agencies and thousands of other companies in autumn 2020, the hackers likewise penetrated the electronic “supply chain” of their victims: they had exploited a security hole in the remote maintenance software of the service provider SolarWinds to spread malware.