As Kaseya restored its VSA software with customers officially coming back online today nearly 10 days after Kaseya was initially hacked some former employees say the massive ransomware attack could, and should have, been prevented.
Former Kaseya software engineering and developers said they had warned Kaseya leaders for years of dangerous security flaws in its products but those concerns were never fully addressed, according to a report by Bloomberg. Additionally, Bloomberg said some employees who flagged Kaseya’s security issues quit over frustration that newer features and products were prioritized over fixing the problems or were fired over inaction.
Some of the largest security problems within Kaseya included outdated code, weak encryption and passwords in products, as well as the general failure to meet basic cybersecurity requirements including continuous patching of its software and servers, according to Bloomberg who declined to identify the former employees due to non
Kaseya Ransomware Attack Could Have Been Prevented: Report crn.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from crn.com Daily Mail and Mail on Sunday newspapers.
Researchers warned Kaseya April 6 about one of the vulnerabilities that REvil ended up exploiting nearly three months later in a crippling ransomware attack.
The Dutch Institute for Vulnerability Disclosure (DIVD) said that researcher Wietse Boonstrain in April discovered seven vulnerabilities in Kaseya’s VSA remote monitoring and management product and notified the New York- and Miami-based IT service management vendor about the flaws less than a week later. Eighty-seven days later, REvil took advantage of a flaw flagged by DIVDthat still wasn’t resolved.
“Last weekend, we found ourselves in the middle of a storm,” DIVDresearcher Frank Breedijk wrote Wednesday. “A storm created by the ransomware attacks executed via Kaseya VSA using a vulnerability which we confidentially disclosed to Kaseya. … Unfortunately, the worst-case scenario came true.”
Kaseya Was Warned In April Of Vulnerability Exploited By REvil Gang crn.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from crn.com Daily Mail and Mail on Sunday newspapers.