Share this
by DNSFilter on Jul 6, 2021 12:00:00 AM
Just before US offices closed for the Fourth of July holiday, the MSP vendor Kaseya was hit by a huge ransomware attack. The organization behind the attack is REvil, a Russian-linked Ransomware-as-a-Service operation that first surfaced in May 2020. In 2021, they have been attached to a number of high-profile attacks. This breach is still ongoing, but we want to alert our customers to the actions that we have taken at DNSFilter to best secure our customers.
We want to reiterate that if you are a Kaseya customer to follow their advice:
“Our guidance continues to be that users follow Kaseya’s recommendation to shut down VSA servers immediately, to adopt CISA’s mitigation guidance, and to report if you have been affected to the IC3.”
Initial Domain Flagged
At 3:56 p.m. ET on July 2, DNSFilter categorized the first known URL as malware after it was first posted at roughly 3:19 p.m. ET: decoder[dot]re
Prior to our categorization of this domain, there was no traffic to this domain on our network.
Config file with over 1,000 domains disclosed
Early on July 3, a config file was released for the Kaseya attack that included a list of over 1,200 command and control domains. As of 3:58 a.m. ET on July 3, DNSFilter is categorizing all of these domains as malicious.
To ensure you’re protected from these domains sending DNS queries from your system, ensure you have the following DNS threat protection in place (at a minimum) on our network:
As more information is released or we have additional updates related to actions we are taking at DNSFilter to protect our customers, we will update this blog post.
Update on July 9, 2021: We have shared more information about the CNC domains used in the Kaseya ransomware attack.
Share this
Platform, Fires, and You: Navigating the Fine Line Between Operations and Development
The Old-School Operations Role: Backbone or Bottleneck?
In the early days of IT, the operations team was the unsung hero—the silent, and often siloed, force that kept everything running. They were responsible for the infrastructure: Servers, databases, and networks that powered the business. They managed deployments, monitored systems, and ensured uptime. If it was working, no one noticed them. If it wasn't? Well, then the questions started: "Wha...
The Hidden Risks of Refreshing Old Threats
When Vintage Goes Viral (In All the Wrong Ways)
Remember that time you found your old Tamagotchi and thought, "Hey, this could be fun again"? Well, cybercriminals are having a similar nostalgic moment, but instead of resurrecting digital pets, they're breathing new life into outdated malware and long-forgotten data breaches. Welcome to the world of recycled cyber threats, where everything old is terrifyingly new again.
Trends of Cybersquatting, Typosquatting, and Other Malicious Domains
The Growing Threat of Malicious Domains in Cybersecurity
As cybercriminals continue to evolve their tactics, domain-based attacks like cybersquatting, typosquatting, and other malicious domains have become a significant threat to businesses and individuals alike. These attacks are designed to exploit trust, impersonate brands, and mislead users into handing over sensitive information—often resulting in financial losses, data breaches, and reputat...
