FBI, CISA share guidance for those affected by the Kaseya VSA ransomware attack

Jul 06, 2021 - 12:56 PM
Cybersecurity Lock on Gold Wall

The FBI and Cybersecurity & Infrastructure Security Agency July 4 released guidance to respond to the recent supply-chain ransomware attack leveraging a vulnerability in Kaseya VSA software against multiple managed service providers and their customers. Among other actions, CISA and FBI strongly urge affected MSPs and their customers to download the Kaseya VSA detection tool, which analyzes a system and determines whether any indicators of compromise are present; enable and enforce multi-factor authentication on every single account that is under the control of the organization, and — to the maximum extent possible — enable and enforce MFA for customer-facing services; implement allowlisting to limit communication with remote monitoring and management capabilities to known IP address pairs. President Biden has directed the full resources of the government to investigate this incident.  
  
John Riggi, AHA's senior advisor for cybersecurity and risk, said, “This attack once again demonstrates that our cyber adversaries are conducting highly researched and strategic attacks targeting ubiquitous technology service providers that provide broad access to the initial targets and their customer base. It is incumbent upon all of us to implement and maintain risk-based vendor risk management programs, which identify mission critical business associates, their dependencies and any business associate, software or service that has elevated network access and privilege. Implementing the above controls is essential not only to mitigate the Kaseya risk, but also represents best practices to mitigate similar strategic third-party risk as we have seen in the recent SolarWinds, MS print spooler and Exchange compromises." 
 
For more on this or other cyber and risk issues, contact Riggi at jriggi@aha.org.
 

Related News Articles

Headline
Russian state-sponsored cyber actors targeting tech companies, others 
The FBI, along with the National Security Agency and other international cybersecurity agencies, this week released a joint agency advisory on cyber operations…
Headline
FBI warns of cyber actors exploiting end-of-life routers
The FBI's Internet Crime Complaint Center released an alert May 7 warning of cyber actors exploiting vulnerabilities in end-of-life routers. Routers dated 2010…
Headline
FBI warns of malicious text, voice-messaging campaign impersonating senior U.S. officials
The FBI’s Internet Criminal Complaint Center May 15 released an alert warning of a malicious text and voice messaging campaign involving impersonators…
Headline
AHA blog — 3 Must-know Cyber and Risk Realities: What’s Ahead for Health Care in 2025 
In his latest AHA Cyber Intel blog, John Riggi, AHA national advisor for cybersecurity and risk, examines the state of cyber and physical threats in 2025 as…
Headline
Report: Health care had most reported cyberthreats in 2024 
Health care had more cyberthreats last year than any other critical infrastructure industry, according to the FBI's 2024 Internet Crime Report released April…
Headline
NSA report includes recommendations for OT device security
The National Security Agency April 23 released a report on operational technology systems that includes recommendations for security policies and technical…