Kaseya Community

Customers of 3 MSPs Shut Down by Ransomware via Kaseya, need details so we can protect our assets

This question is answered

https://www.darkreading.com/attacks-breaches/customers-of-3-msps-hit-in-ransomware-attacks/d/d-id/1335025?_mc=NL_DR_EDT_DR_daily_20190621&cid=NL_DR_EDT_DR_daily_20190621&elq_mid=91613&elq_cid=28059128

Need to know what was exploited and how we can protect ourselves and our clients.

Verified Answer
  • According to that article, this was because of compromised logins at the MSPs. This is why everyone should implement PAM software.

All Replies
  • I agree that it's a shame that Kaseya forces us to pay for MFA.

    Webroot MFA only has 1 option and it's a poor one.

  • From what I read here, Kaseya is planning to include free MFA support 'soon' - helpdesk.kaseya.com/.../360047654391-Security-Announcement-06-21-2019-

  • Article seems to apply to SaaS customers.  Will this also apply to On Prem?

    They are recommending AuthAnvil, and will extend the trial from 14 to 90 days.  However, I don't see where they are saying MFA will be free.

  • Right there in the second bullet point.

    2.) Enable Two Factor Authentication (2FA). In the near future, we will be releasing a 2FA integration which works across both free (e.g. Google Authenticator, Microsoft Authenticator, etc…) and paid 2FA vendors to provide customers with the maximum choice for protecting their logins. In the short-term, customers who are not currently using 2FA, can sign up Kaseya’s AuthAnvil. We will automatically extend the full-featured trial from 14 to 90 days. Sign up is available at: https://authanvil.com/try-it-free

  • Look. At. It. Don't let this be you.

    - Get 2FA.

    - and/or restrict access to VSA login via IP ACL.

    - and/or require VPN.

    You need these things, especially for techs/admins that have the ability to write, save, and execute agent procedures.
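One way to check the three controls in the post above against login records, as an added example that is not part of the thread or Kaseya's code: it flags logins that come from outside an allow-listed network or lack a second factor, and ranks accounts that can run agent procedures first. The CSV columns, the sample rows and the network ranges are constructed assumptions, not a VSA export format.

```python
import csv
import io
from ipaddress import ip_address, ip_network

# Assumption: office and VPN egress ranges (RFC 5737 / private space placeholders).
ALLOWED_NETS = [ip_network("198.51.100.0/24"), ip_network("10.8.0.0/16")]

# Constructed sample data; column names are hypothetical, not a VSA log format.
SAMPLE_LOGINS = """\
time,user,source_ip,mfa,can_run_procedures
2019-06-20T02:14:07Z,tech-a,198.51.100.23,yes,yes
2019-06-20T02:15:41Z,tech-b,203.0.113.77,no,yes
2019-06-20T08:02:10Z,helpdesk-c,10.8.4.12,no,no
2019-06-20T09:30:55Z,admin-d,203.0.113.5,yes,yes
2019-06-20T09:31:02Z,tech-e,not-an-ip,yes,no
"""

def audit_logins(csv_text, allowed_nets=ALLOWED_NETS):
    """Return findings for logins that bypass the IP allow-list or 2FA."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        reasons = []
        try:
            addr = ip_address(row["source_ip"].strip())
            if not any(addr in net for net in allowed_nets):
                reasons.append("source outside allow-list")
        except ValueError:
            # A malformed address cannot be matched against the ACL: flag it.
            reasons.append("unparseable source address")
        if row["mfa"].strip().lower() != "yes":
            reasons.append("no second factor")
        if reasons:
            # Accounts that can write/execute agent procedures rank highest.
            privileged = row["can_run_procedures"].strip().lower() == "yes"
            findings.append({
                "time": row["time"],
                "user": row["user"],
                "severity": "high" if privileged else "medium",
                "reasons": reasons,
            })
    # Stable sort: high-severity findings first, original order otherwise.
    findings.sort(key=lambda f: f["severity"] != "high")
    return findings

if __name__ == "__main__":
    for f in audit_logins(SAMPLE_LOGINS):
        print(f["severity"], f["time"], f["user"], "; ".join(f["reasons"]))
```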

  • Regarding the second bullet point, I requested clarification from Support.

    AuthAnvil trial of 90 days is a temporary fix for now. You can reach out to your account manager if you would like to use it beyond 90 days.

    MFA with other providers is a high priority feature, however, we do not have a timeline that we can share at this moment. Any updates regarding this will be notified in the release notes.

  • We enabled Single Sign-On (SSO) using AzureAD per this article:  arweth.com/.../implementing-azuread-sso-for-the-kaseya-vsa

    For this solution you would need the AuthAnvil module enabled by your account rep, but it's at no charge since you'll only be using SSO and not AuthAnvil.  At least this is my understanding of how we're currently using it.

    But we currently use local accounts and I'm still trying to figure out how to get it to work with AD sync accounts.

  • yes