Integrating systems of Quality,
Implementing solutions of Excellence

Operating as a Value Added Distributor and trusted advisor to the ecosystem of ICT System Integrators, resellers and partners, GCC Hellas promotes solutions and services in Security and Networks across several sectors and companies in the Greek and Cypriot market. The company’s team of industry experts is dedicated to providing the right solution, with expertise in network and security, data centre infrastructure and professional services for organisations of all sizes.
Our Mission

We fulfil and exceed ICT partners’ needs and requirements by providing highest quality, innovative and competitive solutions and services.

Our Vision

To deliver exceptional value to our partners.

Our Values

We put our partners at the centre of everything we do honouring their trust.

Contact us

Konitsis 11B, Marousi 151 25, Athens

info.gr@gcc.net.gr

(+30) 215 550 6991-4


How Trend Micro and partners kept customers safe from the Kaseya ransomware attack

One of the most audacious cyber-attacks of recent years was revealed last December, when state-backed hackers infected customers of an IT software company via a malicious update. That SolarWinds attack resulted in the compromise of at least nine US government departments. At the time Trend Micro warned that this was just the tip of the iceberg. Unfortunately, we were right. Now, potentially thousands of customers of another IT management software company, Kaseya, have experienced a similar fate.

While US intelligence agencies investigate, Trend Micro and its partners’ customers remain protected via multiple layers of defence. Here’s what happened and how we’re keeping these organisations safe.

What happened?
The attack landed on July 2, just ahead of the US Independence Day holiday weekend and likely a calculated ploy to catch organisations and their IT security teams flat-footed. It targeted Kaseya’s VSA platform, which is used by MSP clients for automated patching and remote monitoring of their customers’ environments.

According to reports, a zero-day exploit allowed the attackers to bypass authentication controls, access and upload a malicious payload to the system and execute commands via SQL injection. In so doing, they were able to weaponise VSA to push a malicious PowerShell script which loaded REvil ransomware onto MSP customer systems, and their customers in turn. Because VSA is designed to operate with elevated privileges, the malicious fake update “Kaseya VSA Agent Hot-fix” was installed across all managed systems.

The Sodinokibi/REvil ransomware (detected as Ransom.Win32.SODINOKIBI.YABGC) disabled certain services and terminated processes related to legitimate software, including browsers and productivity applications. It also ran commands to hide its activity from Microsoft Defender. Kaseya warned customers infected with the ransomware not to click on any links in communications from the attackers as these may also be weaponised with malware.

What is the impact?
The REvil group, or rather the affiliate which carried out this particular attack, has reportedly been attempting to extract ransoms from individual firms. It’s also demanding $70 million in cryptocurrency for a ‘universal decryptor’ which it claims will work across all victims.

Kaseya claims “fewer than 60” of its on-premises MSP customers and around 1500 downstream organisations have been affected. These include organisations as varied as Swedish supermarkets, New Zealand schools and Dutch IT companies.

It is hoped that a patch will be deployed to bring affected customers back online within the day.

How Trend Micro keeps you safe
The good news is that the ransomware itself is detected by Trend Micro anti-malware solutions. In fact, our predictive machine learning and behaviour monitoring capabilities were detecting and protecting against samples before specific IOCs were added to the regular detection pattern. This functionality is included in our Worry-Free security range, also offered by Vodafone and other partners to protect small businesses from serious threats like ransomware.

In addition, Trend Micro is actively blocking several known malicious domain infection vectors that are associated with the campaign via Trend Micro Web Reputation Services (WRS).

Finally, our Trend Micro Vision One platform for threat detection and response provides customers with XDR detection capabilities from underlying products such as Apex One. It also helps organisations sweep for IOCs in order to check for malicious activity and enhance retrospective investigations.
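As an added illustration of the IOC sweep described above and of the fake "Kaseya VSA Agent Hot-fix" push described earlier (example code written for this page, not Trend Micro's or Kaseya's own tooling), the script below scans constructed procedure-execution log lines in an assumed, simplified format and flags two things: the known fake hot-fix name, and any procedure that launches PowerShell on many managed agents within a short window, which is the mass-deployment pattern the attack relied on. The log format, agent names and file paths are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Fake update name reported in the article (case-insensitive match).
FAKE_HOTFIX = "kaseya vsa agent hot-fix"

# Assumed, constructed line format (not Kaseya's real audit format):
#   <ISO-8601 UTC timestamp> agent=<id> procedure="<name>" cmd="<command line>"
LINE_RE = re.compile(
    r'^(?P<ts>\S+) agent=(?P<agent>\S+) procedure="(?P<proc>[^"]*)" cmd="(?P<cmd>[^"]*)"$'
)

# Constructed sample log: one benign patch run, a fake hot-fix pushed to three
# agents within seconds, and one benign PowerShell job on a single agent.
SAMPLE_LOG = r"""
2021-07-02T14:00:01Z agent=ws-001 procedure="Monthly Patch" cmd="wuauclt /detectnow"
2021-07-02T14:30:05Z agent=ws-001 procedure="Kaseya VSA Agent Hot-fix" cmd="powershell.exe -File C:\Temp\fix.ps1"
2021-07-02T14:30:06Z agent=ws-002 procedure="Kaseya VSA Agent Hot-fix" cmd="powershell.exe -File C:\Temp\fix.ps1"
2021-07-02T14:30:07Z agent=srv-01 procedure="Kaseya VSA Agent Hot-fix" cmd="powershell.exe -File C:\Temp\fix.ps1"
2021-07-02T15:10:00Z agent=ws-003 procedure="Disk Cleanup" cmd="powershell.exe -File C:\Scripts\cleanup.ps1"
"""


def parse(log_text):
    """Parse lines in the assumed format; lines that do not match are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events.append((ts, m["agent"], m["proc"], m["cmd"]))
    return events


def sweep(log_text, fanout_threshold=3, window=timedelta(minutes=5)):
    """Return findings as (reason, procedure, detail) tuples.

    'known-fake-hotfix': the procedure name matches the reported fake update.
    'mass-powershell-push': one procedure ran PowerShell on at least
    `fanout_threshold` distinct agents inside `window` (fan-out heuristic)."""
    findings = []
    powershell_runs = defaultdict(list)  # procedure -> [(timestamp, agent)]
    for ts, agent, proc, cmd in parse(log_text):
        if proc.lower() == FAKE_HOTFIX:
            findings.append(("known-fake-hotfix", proc, agent))
        if "powershell" in cmd.lower():
            powershell_runs[proc].append((ts, agent))
    for proc, runs in powershell_runs.items():
        runs.sort()
        for i, (start, _) in enumerate(runs):  # sliding window from each run
            agents = {a for t, a in runs[i:] if t - start <= window}
            if len(agents) >= fanout_threshold:
                findings.append(("mass-powershell-push", proc, sorted(agents)))
                break
    return findings
```

The fan-out check fires even when the procedure name has been changed, so it catches the behaviour rather than a single indicator; tune the threshold and window to the size of the managed estate.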