Advertisement

Security News

10 Big Things To Know About The Kaseya Cyberattack

Michael Novinson

From the largest ransom demand of all-time to a potentially linked attack on Microsoft cloud customer apps via Synnex to how this hack was nearly avoided altogether, here are 10 things to know about the Kaseya cyberattack.

5. AWS IP Addresses Might Be Launch Point For Attack

Huntress said Monday afternoon that it’s working with Amazon Web Services and law enforcement to investigate an AWS IP address that might have been used as a launch point for the Kaseya attack. The IP address in question provides shared hosting, meaning that REvil might have compromised a legitimate AWS webserver and used it as a launch point for their attack.

Huntress discovered Friday that one of the IP addresses the attackers were using belongs to AWS, and the company said it’s been in contact with internal hunt teams at AWS. Across all of the compromised servers we are aware of, one commonality has been GET and POST requests from AWS IP address 18[.]223.199.234 using curl to access a series of files sequentially.

AWS didn’t respond to a CRN request for comment.

 
Learn More: Current Threats | Threat Management
Learn About Michael Novinson
Michael Novinson

Advertisement

trending stories

Advertisement

CRN AWARDS

Sign up to be notified about CRN awards
Sponsored Post

CRN MAGAZINE

Browse

Subscribe

Latest Issue

Read this month's CRN magazine
View more news and hear more channel insights on CRNtv.com

Hear breaking channel news from CRN experts
Hear breaking channel news from CRN experts

Get the scoop on top industry trends
Get the scoop on top industry trends
Advertisement

NEWSLETTER

Get the IT channel news you need, right to your inbox.

Subscribe

Subscribe to the CRN Newsletter
Advertisement exit