Kaseya$$s estimates of impacted companies are even higher. In an update to its ongoing blog post, the company said that the attack affected fewer than $60$ customers, all of whom were using the VSA on$-$premises product. With the ripple effect, the total impact has been felt among fewer than $1,500$ downstream businesses, according to Kaseya.

$$It shouldn$$t surprise that extortionists would target critical IT software that could serve as the initial access into more victims$$ networks,$$ said Rick Holland, chief information security officer and VP for strategy at risk protection provider Digital Shadows. $$Managed Service Providers $($MSPs$)$ leverage Kaseya$$s software, making them an attractive target because extortionists can quickly increase potential targets. In addition, companies that leverage MSPs are typically less mature small and medium$-$sized $($SMBs$)$ business, which usually have less mature security programs.$$

As is often the case, the ransomware works by exploiting a security flaw in the VSA software. Specifically, the attack takes advantage of a zero$-$day vulnerability labeled CVE$-202130116$ with the payload delivered via a phony VSA update, according to Kevin Beaumont at cybersecurity news site Double Pulsar. Gaining administrator rights, the attack infects the systems of MSPs$,$ which then infects the systems of customers.

$$This attack highlights once more that hackers are ready and waiting to exploit lax security and unpatched vulnerabilities to devastating effect,$$ said Jack Chapman, Egress VP of threat intelligence. $$It also shows the importance of securing not just your own organization, but your supply chain too. Organizations must closely examine their suppliers$$ security protocols, and suppliers must hold themselves accountable, ensuring that their customers are defended from the ever$-$growing barrage of malicious attacks.$$ Did the attack impact users of Kaseya that kept the application updated $?$ Why $?$