The Kaseya malware attack impacted around a thousand businesses. Naturally, many people are worried about their own cybersecurity.
Scammers take advantage of this anxiety by spreading fake emails with a bogus “update” to “fix a vulnerability in Kaseya”.
“Guys please install the update from microsoft to protect against ransomware as soon as possible. This is fixing a vulnerability in Kaseya.”
If you receive an email that urges you to install a fix for Kaseya, be careful – it could be serious malware.
What was the Kaseya malware attack?
Kaseya is an IT service provider. It delivers software-as-a-service (SaaS) and helps IT teams manage and automate security, network, monitoring, and other functions. It also helps managed service providers deliver their services.
To those businesses that use Kaseya, it might not be very visible, but it is crucially important.
On the 2nd of July, Kaseya was attacked with ransomware. To prevent the attack from spreading to its customers, Kaseya took many of its services offline. Still, hundreds of businesses were affected.
Kaseya supplies software to its clients. If you remember the SolarWinds incident, you know how dangerous supply chain attacks can be. Malware, such as spyware or ransomware, can spread from service providers to hundreds or even thousands of companies and organizations.
Luckily, only up to 1500 businesses are thought to have been affected by the Kaseya attack.
What do the Kaseya phishing emails deliver?
Malicious actors started sending out emails that claim to deliver a fix for a vulnerability in Kaseya. These emails are designed to look like messages from colleagues, including friendly greetings, signatures, confidential info warnings, etc.
According to Malwarebytes, these emails carry an attachment called “SecurityUpdates.exe” and a link to download another file.
“A #malspam campaign is taking advantage of Kaseya VSA #ransomware attack to drop #CobaltStrike. It contains an attachment named "SecurityUpdates.exe" as well as a link pretending to be security update from Microsoft to patch Kaseya vulnerability! pic.twitter.com/0nIAOX786i”
— Malwarebytes Threat Intelligence (@MBThreatIntel), July 6, 2021
Both of the files are malicious. If the victim downloads and opens them, their computer could be infected with serious malware:
- file-encrypting ransomware,
- information-stealing spyware,
- malware that can be used to control the infected computer remotely.
Luckily, antivirus tools detect these malicious files, as you can see on this VirusTotal.com page.
How to avoid malicious spam?
Kaseya already shut down their cloud services that could have been used to deliver malware. If you use Kaseya’s services, you can read the company’s instructions on how to operate safely on Kaseya.com. When downloading Kaseya’s fixes and patches, only ever use their official website.
Emails disguised as work communication are one of the most common ways to spread malware, such as ransomware and trojans. In general, be suspicious of all unexpected emails that ask you to download and run a program. I recommend this post on Digitalcheck.com – it describes very well how to recognize phishing emails.
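For mail administrators, the two warning signs described above (an executable attachment such as “SecurityUpdates.exe” and an “update” link that does not point to the vendor's own site) can be checked automatically. The following is an added example, not code from Malwarebytes or Kaseya; the domain allowlist, keyword list, extension list and sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from urllib.parse import urlparse

# Assumptions (not from the article): tune these lists for your own environment.
OFFICIAL_DOMAINS = ("kaseya.com", "microsoft.com")
LURE_WORDS = ("kaseya", "security update", "ransomware")
EXEC_EXTENSIONS = (".exe", ".scr", ".com", ".bat", ".js", ".vbs")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def is_official(host):
    """True only for an allowlisted domain or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def triage(raw_bytes):
    """Return a list of findings for one raw email message."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings, text = [], str(msg.get("Subject", ""))
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        if name:
            # Check the name and the content: Windows executables start with "MZ".
            if name.lower().endswith(EXEC_EXTENSIONS) or payload[:2] == b"MZ":
                findings.append(f"executable attachment: {name}")
        elif part.get_content_maintype() == "text":
            text += "\n" + part.get_content()
    # Only inspect links when the message reads like an update or fix notice.
    if any(word in text.lower() for word in LURE_WORDS):
        for url in URL_RE.findall(text):
            host = urlparse(url).hostname
            if not is_official(host):
                findings.append(f"update lure links to unofficial host: {host}")
    return findings

def build_sample():
    """Constructed sample message; the attachment is harmless placeholder bytes."""
    m = EmailMessage()
    m["Subject"] = "Kaseya fix"
    m.set_content("Please install the security update: http://updates.example.net/fix")
    m.add_attachment(b"MZ\x90\x00constructed", maintype="application",
                     subtype="octet-stream", filename="SecurityUpdates.exe")
    return m.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample()))
```

A message with no findings is not proven safe; the check only catches the two patterns this campaign used.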