There goes your holiday weekend.

Hackers hit a major IT software provider, which allowed their attack to spread downstream into many small businesses that now face ransom demands to unlock their computer networks.

[www.washingtonpost.com]

On Saturday morning, the information technology company Kaseya confirmed that it had suffered a “sophisticated cyberattack” on its VSA software — a set of tools used by IT departments to manage and monitor computers remotely. The company said that only about 40 customers had been affected.

But because Kaseya’s software is used by large IT companies that offer contract services to hundreds of smaller businesses, the hack could have spread to thousands of victims. Kaseya told all of its nearly 40,000 customers to disconnect their Kaseya software immediately. The cybersecurity firm Huntress Labs said it had tracked 20 IT companies, known as managed-service providers, that had been hit. More than 1,000 of those companies’ clients, mostly small businesses, also had been affected by the hack, Huntress Labs said on Reddit.

“I wouldn’t be surprised if it was thousands of companies,” said Fabian Wosar, the chief technology officer of Emsisoft, a company that provides software and advice to help organizations defend against ransomware attacks. “We just don’t know yet because of the long weekend in the U.S.”

A major grocery chain in Sweden said Saturday that its IT provider had been hit by an attack and that its cash registers were locked up. It had to shut down hundreds of stores, the company, Coop Sweden, said on its Facebook page.

Because of the vast number of companies potentially affected, the attack could prove to be one of the biggest in history. Researchers said REvil, the hacker group that attacked the meat processor JBS this spring, was behind this attack.

---

Saint Cloud, Minnesota, where the weather is wonderful even when it isn't.

---

_____________________________________

I reject your reality and substitute my own!

On the plus side, their Mac tools are so flawed that more often than not they don't even load.

Can't pwn what you can't hit!

---

but it's not ruskies or chinoise ... is it?

Wish I'd taken up code and computers on my high schools PDP11.

---

!#$@@$#!

My Masters Degree data collection was done on a PDP-11. I knew nothing about how it worked. I could get it running and get information from it (I could follow directions very well) but sure did not know the inner workings.

Quote
Fritz
but it's not ruskies or chinoise ... is it?

Wish I'd taken up code and computers on my high schools PDP11.

That might be Abacus 102?

[is.gd]

I sure hope that russia gets to experience the same X 4.

---

!#$@@$#!

I was watching the 60 Minutes replay of their Solar Winds hack story. I was surprised that there was no discussion of the fact that this is apparently still a Microsoft phenomenon - the malware was written for Windows, and in fact showed up in Microsoft's own computers, found only after they were alerted to this, and they looked. Yup, it's there.

You know, I'm a Mac user, but I was still surprised there was still no connection to Windows made in the story, and they actually had a bigwig from Microsoft on. So I went Googling just to see - did this previous malware directly affect Mac, iOS, or Linux? Didn't find much, but there was this:

Quote

Files in iCloud Drive would almost assuredly be safe, even if access to them is temporarily interrupted (like any other random iCloud outage.)

Also, to fully reiterate, it is I would say 99.9% likely Apple is not impacted by this issue - it only infects Windows hosts. I *REALLY* doubt Apple is running Windows on any of their iCloud-hosting systems.

(I also doubt they're running macOS - they're probably running Linux; and I know that the Akamai caching servers are running a Linux.)

Okay, I understand, the Russians are probably behind this, and besides, Windows runs the world. Cool. But why do they get such a pass on the malware, either Solar Winds or this new one? It seems to me that this is like bananas - basically, one genetic strain produces almost all of the bananas in the world, and everyone expects that some day, there will be a disease which affects this strain, and poof - no more bananas. We'll cross that bridge when we get to it, I guess.

Basically every IT shop runs Windows, and all of our eggs are in that basket, which keeps getting bumped, if not overturned, seemingly at will.

Why (do we put up with this)?

Quote
pdq
Okay, I understand, the Russians are probably behind this, and besides, Windows runs the world. Cool. But why do they get such a pass on the malware, either Solar Winds or this new one?

Solar Winds started with a Microsoft Office 365 exploit. Beyond that, it affected whole networks running Orion hardware. Mac users were not unscathed. Anyone with an Exchange account or Office 365 account or a workstation on a breached enterprise network was/is affected whether they knew it was going on or not.

The insidiousness of the Kaseya attack is that it's not just a cloud service, but can be run in-house. Lots of enterprises use it to manage their PCs AND their Macs, and indie consultants use it to manage Macs on behalf of smaller companies that can't afford in-house IT. The news broke right before a holiday. I have no doubt that Mac users are affected and we'll be hearing about compromised Macs over the next few weeks.

---

Mac users were not unscathed.

Well, yeah; I understand, for instance, that a Swedish grocery had to close because the more recent hack made their cashier stations lock up.

And if some of the shoppers happened to be Mac users, then yes Mac users were affected that day - they couldn’t get their groceries.

That also seems (partially) comparable to Mac users not being able to use Microsoft products like Microsoft 365 or Exchange while the Windows malware runs amuck in the Windows/Microsoft world. But otherwise, were Mac users infected? We’re their computers locked up? Their files encrypted with ransomware instructions? Did they even have the malware (which, presumably, couldn’t run on Macs…or Linux, for that matter) copied (harmlessly) to their computers by these (Russian?) modified remote management tools?

My point is, no one seems to even think or talk about a monoculture of computing being inherently susceptible to attacks, which because of it’s ubiquity, can spread pretty much anywhere, including the internal systems of the very keepers of the exploited OS code (which after all, seems empirically to be one of the most insecure, based on the many, many successful exploits of it).

Seems like a bit of diversification could protect us all.

Quote
pdq
...if some of the shoppers happened to be Mac users, then yes Mac users were affected that day - they couldn’t get their groceries.

That also seems (partially) comparable to Mac users not being able to use Microsoft products like Microsoft 365 or Exchange while the Windows malware runs amuck in the Windows/Microsoft world. But otherwise, were Mac users infected? We’re their computers locked up? Their files encrypted with ransomware instructions? Did they even have the malware (which, presumably, couldn’t run on Macs…or Linux, for that matter) copied (harmlessly) to their computers by these (Russian?) modified remote management tools?

I don't think you have any grasp of the scope of the SolarWinds hack, or the Exchange/365 hacks that went along with it. It was not about distributing malware to endpoints.

And the new one afflicting Kaseya is a critical cross-platform vulnerability. Since it's enforced from IT there are a lot of helpless Mac users out there who can be affected directly.

Even if somehow they are overlooked and are not targeted directly, Macs in enterprise are just as dependent upon servers and network infrastructure as anyone else in enterprise.

This is serious stuff.

I was being flippant in my first response. Kaseya is very VERY popular for managing Macs. It would take a very dumb "hacker" to ignore that opportunity.

---

Edited 1 time(s). Last edit at 07/04/2021 11:13PM by Sarcany.

time to switch to Pages and .... over Office 2008.

---

!#$@@$#!

Quote
Fritz
time to switch to Pages and .... over Office 2008.

Will that work with my AppleScript 2.0?

Quote
RgrF
Will that work with my AppleScript 2.0?

maybe not, but maybe Hypercard or Commodore 64 and Easy Script

---

!#$@@$#!

CBS:

Quote

Dutch researchers said they alerted Miami-based Kaseya to the breach and said the criminals used a "zero day," the industry term for a previous unknown security hole in software. Voccola wouldn't confirm that or offer details of the breach - except to say that it wasn't phishing.

A zero-day in whose software? Even if it’s Kaseya’s software that had the vulnerability, it seems to me that there is some responsibility that the OS has to bear for allowing flawed software to lead to this kind of thing.

I’m not saying software at the level of the OS or elsewhere should always be expected to be perfect; I’m just saying no one seems overly concerned that this keeps happening over and over, and it seems to be getting worse (and more lucrative for the bad guys).

Almost all of these stories begin with someone downloading something they shouldn’t have.
I say one can’t be candid about software anymore, free or otherwise.
I just read Audacity has been found to be malware, and no one thinks twice about using it.

The hackers are only asking for $70,000,000 and all will be made right again.

[www.washingtonpost.com]

---

Saint Cloud, Minnesota, where the weather is wonderful even when it isn't.

So, I can understand why functionality to encrypt files exists, but I don’t understand why the OS wouldn’t require super – elevated privileges and safeguards to prevent malware from doing so.

I probably just don’t understand the technology well enough.

Quote
pdq
So, I can understand why functionality to encrypt files exists, but I don’t understand why the OS wouldn’t require super – elevated privileges and safeguards to prevent malware from doing so.

I probably just don’t understand the technology well enough.

"Encryption" can be accomplished in infinite ways. There's no way to simply block "encryption."

A simple piece of ransomware might just walk through the file-system encoding every document-file that it sees in a manner that would be hard to distinguish from any application opening and saving files. Does the OS prompt you every time you save a file? Would you be able to get any work done if it did?

---

Quote
Sarcany

Quote
pdq
So, I can understand why functionality to encrypt files exists, but I don’t understand why the OS wouldn’t require super – elevated privileges and safeguards to prevent malware from doing so.

I probably just don’t understand the technology well enough.

"Encryption" can be accomplished in infinite ways. There's no way to simply block "encryption."

A simple piece of ransomware might just walk through the file-system encoding every document-file that it sees in a manner that would be hard to distinguish from any application opening and saving files. Does the OS prompt you every time you save a file? Would you be able to get any work done if it did?

It does seem like the OS could warn you after a program had encrypted, say, 10 (or 50 or 100) files. Simple dialog box pop up - “X has encrypted <so-many> files; do you want to allow it to continue?” with a check box that says don’t ask me again for this program.

Seems like it wouldn’t take more than a few minutes in new-hire training to teach people how to handle the pop-up.

Quote
pdq

Quote
Sarcany

Quote
pdq
So, I can understand why functionality to encrypt files exists, but I don’t understand why the OS wouldn’t require super – elevated privileges and safeguards to prevent malware from doing so.

I probably just don’t understand the technology well enough.

"Encryption" can be accomplished in infinite ways. There's no way to simply block "encryption."

A simple piece of ransomware might just walk through the file-system encoding every document-file that it sees in a manner that would be hard to distinguish from any application opening and saving files. Does the OS prompt you every time you save a file? Would you be able to get any work done if it did?

It does seem like the OS could warn you after a program had encrypted, say, 10 (or 50 or 100) files. Simple dialog box pop up - “X has encrypted <so-many> files; do you want to allow it to continue?” with a check box that says don’t ask me again for this program.

Seems like it wouldn’t take more than a few minutes in new-hire training to teach people how to handle the pop-up.

Your Mac has potentially millions of cache files present from the OS and pretty much every application present. Your web browser can generate a thousand temp files in the space of a couple of minutes. You have apps quietly spawning dozens if not hundreds of log files on your Mac every day.

Make exceptions for specific apps and their activities and malware will just masquerade as those apps and activities or will find other ways to slip by undetected.

This is not a battle you can win by putting up fences.

---