Kaseya Discovers Vulnerability that Allows Monero Mining

It has long been speculated that the recent increase in the Monero network hashrate was due to botnets and to rising GPU sales, with most of the attention on botnet activity. It was recently discovered that bad actors may have been taking advantage of a vulnerability in Kaseya VSA, a popular workstation management application, to push mining software out to managed endpoints.

Here is the January 2018 VSA Security Update posted on their Announcements Page:

In the course of our continuous security monitoring of our products, we have uncovered a security vulnerability in our VSA product.

Consistent with our commitment to providing secure solutions for our partners, we have issued a set of patches that removes this vulnerability. We strongly recommend that every on-premises VSA customer download and install this patch immediately. The patch to address this vulnerability has already been deployed to our SaaS and hosted servers.

We have seen no evidence to suggest that this vulnerability was used to harvest personal, financial, or other sensitive information. However, we are aware of a small subset of our partners where Monero cryptocurrency mining software was deployed to endpoints. Our initial estimates indicate that less than 0.1% of our customers have been affected by this issue.

Kaseya Support is available to assist customers and can be reached by submitting a request at https://helpdesk.kaseya.com/hc/en-gb/requests/new and selecting “VSA Security” under Module to ensure your question is properly routed.

Patch Information

On-Premises VSA Customers – Kaseya strongly recommends that on-premises customers immediately apply a patch by running the Kinstall (Kinstall.exe) that is included on the VSA server, using the patch that matches the version of VSA that you are running:

Version R9.5:  Patch

Version R9.4:  Patch

Version R9.3:  Patch

For customers running Version R9.2 or earlier, it is recommended to upgrade to 9.3 or higher. If needed, Kaseya support can assist you with this. Please reach out to Kaseya Support by submitting a request at https://helpdesk.kaseya.com/hc/en-gb/requests/new and selecting “VSA Security” under Module to ensure your question is properly routed.

SaaS or Hosted Customers – The updates have been applied by Kaseya, no action is required.

Assessment & Remediation

To provide further assurances, Kaseya has created Agent Procedures which customers can run across their environment to determine if they were affected by this vulnerability and remediate endpoints in the event they were impacted. The procedure and detailed technical instructions are located at the following link: https://helpdesk.kaseya.com/hc/en-gb/articles/360000346651

Kaseya is committed to quality and security in our products and maintaining transparency in our communications with our customer base.
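The Agent Procedures Kaseya refers to live in the linked KB article and are not reproduced on this page. As an added example that is not Kaseya's code, the PowerShell triage script below shows the kind of endpoint check such a procedure would run on a Windows workstation managed by VSA: it looks for miner processes, stratum-style command lines, established connections to ports mining pools commonly use, and persistence entries (scheduled tasks and Run keys) that launch a flagged binary. The miner names, argument fragments and port list are illustrative assumptions, not indicators taken from the Kaseya advisory; replace them with the IOCs from the KB article before running this across a fleet.

```powershell
# Added example, not Kaseya's Agent Procedure. Triage a Windows endpoint for
# indicators commonly associated with Monero (XMR) miners. The indicator lists
# are assumptions for illustration; swap in the IOCs from Kaseya's KB article.

$SuspiciousNames = @('xmrig', 'xmr-stak', 'minerd', 'cpuminer')
$SuspiciousArgs  = @('stratum+tcp://', 'stratum+ssl://', '--donate-level', 'cryptonight', 'randomx')
$SuspiciousPorts = @(3333, 3334, 4444, 5555, 7777, 8888, 14444, 45700)
$AllPatterns     = $SuspiciousNames + $SuspiciousArgs

$findings = @()

# 1. Processes whose image name or command line matches a miner signature.
Get-CimInstance Win32_Process | ForEach-Object {
    $p   = $_
    $cmd = [string]$p.CommandLine
    $nameHit = $SuspiciousNames | Where-Object { $p.Name -like "*$_*" }
    $argHit  = $SuspiciousArgs  | Where-Object { $cmd -like "*$_*" }
    if ($nameHit -or $argHit) {
        $findings += [pscustomobject]@{
            Type   = 'Process'
            Detail = "$($p.Name) (PID $($p.ProcessId)): $cmd"
            Path   = $p.ExecutablePath
        }
    }
}

# 2. Established outbound TCP connections to ports pools commonly listen on.
Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
    Where-Object { $SuspiciousPorts -contains $_.RemotePort } |
    ForEach-Object {
        $owner = (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
        $findings += [pscustomobject]@{
            Type   = 'Network'
            Detail = "$owner (PID $($_.OwningProcess)) -> $($_.RemoteAddress):$($_.RemotePort)"
            Path   = $null
        }
    }

# 3. Persistence: scheduled task actions and Run keys that launch a flagged binary.
Get-ScheduledTask -ErrorAction SilentlyContinue | ForEach-Object {
    $task = $_
    foreach ($a in $task.Actions) {
        $line = "$($a.Execute) $($a.Arguments)"
        if ($AllPatterns | Where-Object { $line -like "*$_*" }) {
            $findings += [pscustomobject]@{
                Type   = 'ScheduledTask'
                Detail = "$($task.TaskPath)$($task.TaskName): $line"
                Path   = $a.Execute
            }
        }
    }
}

$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty $key
    foreach ($prop in ($props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' })) {
        $val = [string]$prop.Value
        if ($AllPatterns | Where-Object { $val -like "*$_*" }) {
            $findings += [pscustomobject]@{ Type = 'RunKey'; Detail = "$key\$($prop.Name) = $val"; Path = $null }
        }
    }
}

# Exit code lets an RMM procedure flag the endpoint: 0 = clean, 1 = review needed.
if ($findings.Count -eq 0) {
    Write-Output 'No miner indicators found.'
    exit 0
}

$findings | Format-Table -AutoSize | Out-Host

# Remediation is kept separate on purpose: confirm the hits first, then act.
# Uncomment to stop confirmed miner processes; remove the binary and the
# persistence entry afterwards.
# $findings | Where-Object Type -eq 'Process' | ForEach-Object {
#     Stop-Process -Id ([int]($_.Detail -replace '.*PID (\d+).*', '$1')) -Force
# }
exit 1
```

Run it elevated so Win32_Process returns command lines for processes owned by other users and Get-NetTCPConnection can map connections to owning PIDs. Any hit is a lead, not a verdict: a legitimate application can use one of the listed ports, so confirm before remediating, and treat a confirmed miner as a sign that the VSA server itself needs the patch and a review of who could push procedures through it.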

About Joe D

I have always had a passion for everything computing. In early 2000, I decided to take my passion to the web. Thus, C.O.D. was born. Through the years we have made many great friends at C.O.D. and hope to continue our journey for years to come.
