Recently, we became aware of very limited number instances where VSA SaaS customers were targeted by threat actors who leveraged compromised user credentials to gain unauthorized access to privileged VSA resources and deploy malware/ransomware to endpoints. All available evidence at our disposal points to the use of compromised credentials (username & password). We continue to monitor the situation very closely.
To be clear, neither Kaseya nor the VSA product were breached during this incident.
The industry continues to see MSPs and IT administrators as targets in order to gain credentials for unauthorized access into systems they use. And, the research is clear: no matter what the system or software worldwide, 80% of security breaches involve compromised credentials. As we’ve investigated recent instances experienced by customers, all available evidence to us points to the use of compromised credentials to gain unauthorized access.
We work diligently to prevent the misuse of our products and continue to recommend that customers employ best practices around securing their credentials, regularly rotating passwords, and strengthening their security hygiene.
Specifically, we have the following recommendations:
1) Use this opportunity to immediately change their current password as part of regular best practices.
2) Enable Two Factor Authentication (2FA). In the near future, we will be releasing a 2FA integration which works across both free (e.g. Google Authenticator, Microsoft Authenticator, etc…) and paid 2FA vendors to provide customers with the maximum choice for protecting their logins. In the short-term, customers who are not currently using 2FA, can sign up Kaseya’s AuthAnvil. We will automatically extend the full-featured trial from 14 to 90 days. Sign up is available at: https://authanvil.com/try-it-free