{"id":32054,"date":"2021-07-04T06:31:46","date_gmt":"2021-07-04T13:31:46","guid":{"rendered":"https:\/\/cww7news.com\/?p=32054"},"modified":"2021-07-04T06:31:47","modified_gmt":"2021-07-04T13:31:47","slug":"massive-ransomware-attack-may-impact-thousands-of-victims","status":"publish","type":"post","link":"https:\/\/cww7news.com\/massive-ransomware-attack-may-impact-thousands-of-victims\/","title":{"rendered":"Massive Ransomware Attack May Impact Thousands of Victims"},"content":{"rendered":"\n

Just weeks after President Joe Biden implored Vladimir Putin to curb cyber crime, a notorious, Russia-linked ransomware gang has been accused of pulling off an audacious attack on the global software supply chain.<\/p>\n\n\n\n

REvil, the group blamed for the May 30 ransomware attack on meatpacking giant JBS SA, is believed to be behind hacks on at least 20 managed-service providers, which provide IT services to small- and medium-sized businesses. More than 1,000 businesses have already been impacted, a figure that\u2019s expected to grow, according to the cybersecurity firm Huntress Labs Inc.<\/p>\n\n\n\n

\u201cBased on a combination of the service providers reaching out to us for assistance along with the comments we\u2019re seeing in the thread we are tracking on our Reddit, it\u2019s reasonable to think this could potentially be impacting thousands of small businesses,\u201d according to John Hammond, a cybersecurity researcher at Huntress Labs.<\/p>\n\n\n\n

Biden said he had ordered a \u201cdeep dive\u201d by U.S. intelligence officials on what happened in the attacks. At this point, he said \u201cwe\u2019re not sure\u201d that Russia is behind them.<\/p>\n\n\n\n

\u201cI directed the intelligence community to give me a deep dive on what\u2019s happened and I\u2019ll know better tomorrow,\u201d Biden said, recalling that he told Putin during their meeting in June that the U.S. would respond to cyber transgressions. He added that he hasn\u2019t called the Russian president about the latest case.<\/p>\n\n\n\n

\u201cWe\u2019re not sure it\u2019s the Russians,\u201d he said. \u201cThe initial thinking was, it was not Russian government, but we\u2019re not sure yet.\u201d<\/p>\n\n\n\n

Attacking MSPs is a particularly devious method of hacking, since it may allow the attackers to then infiltrate their customers as well. Hammond said more than 20 MSPs have been affected so far.<\/p>\n\n\n\n

In Sweden, most of grocery chain Coop\u2019s more than 800 stores couldn\u2019t open on Saturday after the attack led to a malfunction of their cash registers, spokesperson Therese Knapp told Bloomberg News.<\/p>\n\n\n\n

There are victims in 17 countries so far, including the U.K., South Africa, Canada, Argentina, Mexico and Spain, according to Aryeh Goretsky, a distinguished researcher at cybersecurity firm ESET.<\/p>\n\n\n\n

The ransomware attack is the latest in a string of devastating hacks in recent months, making cybersecurity an increasingly pressing national security issue for the Biden administration. At a summit on June 16, Biden warned Russian President Putin that 16 types of critical infrastructure — including food and agriculture, emergency services and health care — were off limits to future attacks. It\u2019s not yet known if the U.S. victims of the latest ransomware attack fell within those sectors.<\/p>\n\n\n\n

A software supply chain attack revealed in December included nine U.S. agencies and about 100 businesses as victims. Russian state-sponsored hackers were accused of the attack, in which they implanted malicious code in updates for popular software from SolarWinds Corp. Customers who downloaded the updates inadvertently created a backdoor that the hackers could then exploit. It was particularly sophisticated and highlighted the terrifying potential of supply-chain hacks.<\/p>\n\n\n\n

More recently, ransomware attacks on Colonial Pipeline Co., the operator of the nation\u2019s largest fuel pipeline, and JBS have revealed gaping security vulnerabilities in crucial U.S. businesses. Both Colonial and JBS paid the hackers millions of dollars. The hackers behind the Colonial attack, a group called DarkSide, have also been tied to Russia.<\/p>\n\n\n\n

Friday\u2019s attack appears to combine a supply-chain attack with ransomware, vastly increasing the number of potential victims and presumably, the payout. Ransomware is a type of attack in which hackers encrypt computer files and then demand payment to unlock them.<\/p>\n\n\n\n

Kaseya Ltd., a Miami-based developer of software for managed service providers, was among the companies targeted as a way to attack its customers, according to cybersecurity experts.<\/p>\n\n\n\n

\u201cWhat makes this attack stand out is the trickle-down effect, from the managed service provider to the small business,\u201d Hammond said. \u201cKaseya handles large enterprise all the way to small businesses globally, so ultimately, it has the potential to spread to any size or scale business.\u201d<\/p>\n\n\n\n

In a statement, Kaseya said it has notified the FBI. The company said it had so far identified fewer than 40 customers that were impacted by the attack.<\/p>\n\n\n\n

Allan Liska, a senior threat analyst at cybersecurity firm Recorded Future Inc., said REvil was behind the attacks.<\/p>\n\n\n\n

Eric Goldstein, the executive assistant director for cybersecurity at the U.S. Cybersecurity and Infrastructure Security Agency, said the group is closely monitoring this situation.<\/p>\n\n\n\n

\u201cWe are working with Kaseya and coordinating with the FBI to conduct outreach to possibly impacted victims,\u201d he said in a statement. \u201cWe encourage all who might be affected to employ the recommended mitigations and for users to follow Kaseya\u2019s guidance to shut down VSA servers immediately. As always, we stand ready to assist any impacted entities.\u201d<\/p>\n\n\n\n

Two of the affected MSPs are Synnex Corp. and Avtex LLC, according to two people familiar with the breaches. Avtex President George Demou told Bloomberg News in a text message on Friday night, \u201cHundreds of MSPs have been impacted by what appears to be a Global Supply Chain hack.\u201d<\/p>\n\n\n\n

\u201cWe are working with those customers who have been impacted to help them to recover,\u201d he added.<\/p>\n","protected":false},"excerpt":{"rendered":"

Just weeks after President Joe Biden implored Vladimir Putin to curb cyber crime, a notorious, Russia-linked ransomware gang has been accused of pulling off an audacious attack on the global software supply chain. REvil, the group blamed for the May 30 ransomware attack of meatpacking giant JBS SA, is believed to be behind hacks on […]<\/p>\n","protected":false},"author":754,"featured_media":32055,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[22],"tags":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/cww7news.com\/wp-content\/uploads\/2021\/07\/download-attack_z1uBHBD_.jpg?fit=700%2C465&ssl=1","jetpack_likes_enabled":true,"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/cww7news.com\/wp-json\/wp\/v2\/posts\/32054"}],"collection":[{"href":"https:\/\/cww7news.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cww7news.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cww7news.com\/wp-json\/wp\/v2\/users\/754"}],"replies":[{"embeddable":true,"href":"https:\/\/cww7news.com\/wp-json\/wp\/v2\/comments?post=32054"}],"version-history":[{"count":1,"href":"https:\/\/cww7news.com\/wp-json\/wp\/v2\/posts\/32054\/revisions"}],"predecessor-version":[{"id":32056,"href":"https:\/\/cww7news.com\/wp-json\/wp\/v2\/posts\/32054\/revisions\/32056"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cww7news.com\/wp-json\/wp\/v2\/media\/32055"}],"wp:attachment":[{"href":"https:\/\/cww7news.com\/wp-json\/wp\/v2\/media?parent=32054"}],"wp:term":[{"taxon
omy":"category","embeddable":true,"href":"https:\/\/cww7news.com\/wp-json\/wp\/v2\/categories?post=32054"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cww7news.com\/wp-json\/wp\/v2\/tags?post=32054"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}