10 Big Things To Know About The Kaseya Cyberattack
From the largest ransom demand of all time to a potentially linked attack on Microsoft cloud customer apps via Synnex to how this hack was nearly avoided altogether, here are 10 things to know about the Kaseya cyberattack.
5. AWS IP Addresses Might Be Launch Point For Attack
Huntress said Monday afternoon that it’s working with Amazon Web Services and law enforcement to investigate an AWS IP address that might have been used as a launch point for the Kaseya attack. The IP address in question provides shared hosting, meaning that REvil might have compromised a legitimate AWS web server and used it as a launch point for its attack.
Huntress discovered Friday that one of the IP addresses the attackers were using belongs to AWS, and the company said it’s been in contact with internal hunt teams at AWS. Across all of the compromised servers we are aware of, one commonality has been GET and POST requests from AWS IP address 18[.]223.199.234 using curl to access a series of files sequentially.
AWS didn’t respond to a CRN request for comment.
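For defenders who want to check their own web server logs for the pattern Huntress describes (requests from the reported address, made with curl, arriving one after another), the following Python is an added example and is not code from Huntress, Kaseya or CRN. It assumes IIS W3C extended logs; the sample lines, paths, dates, curl version and the 60-second gap threshold are constructed placeholders.

```python
from datetime import datetime

# Indicator as printed in the article (defanged); refanged here for matching.
IOC_IP = "18[.]223.199.234".replace("[.]", ".")

# Constructed sample log (assumed IIS W3C format); paths and times are placeholders.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem c-ip cs(User-Agent) sc-status
2000-01-01 15:58:01 GET /placeholder-a.asp 18.223.199.234 curl/7.0 200
2000-01-01 15:58:03 GET /index.html 203.0.113.7 Mozilla/5.0 200
2000-01-01 15:58:04 POST /placeholder-b.dll 18.223.199.234 curl/7.0 200
2000-01-01 15:58:09 POST /placeholder-c.asp 18.223.199.234 curl/7.0 200
""".splitlines()

def parse_w3c(lines):
    """Yield one dict per request, honouring each #Fields directive."""
    fields = []
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column order varies per server
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):     # skip truncated rows
                yield dict(zip(fields, values))

def hunt(lines, ip=IOC_IP, max_gap_s=60):
    """Return all requests from `ip` and the curl bursts found among them."""
    hits = [r for r in parse_w3c(lines) if r.get("c-ip") == ip]
    for r in hits:
        r["ts"] = datetime.strptime(r["date"] + " " + r["time"], "%Y-%m-%d %H:%M:%S")
    hits.sort(key=lambda r: r["ts"])
    bursts, current = [], []
    for r in hits:
        if not r.get("cs(User-Agent)", "").lower().startswith("curl/"):
            continue                           # only curl requests form a burst
        if current and (r["ts"] - current[-1]["ts"]).total_seconds() > max_gap_s:
            bursts.append(current)             # gap too long: close the burst
            current = []
        current.append(r)
    if current:
        bursts.append(current)
    return hits, [[(r["cs-method"], r["cs-uri-stem"]) for r in b] for b in bursts]

if __name__ == "__main__":
    hits, bursts = hunt(SAMPLE_LOG)
    print(len(hits), "requests from", IOC_IP)
    for b in bursts:
        print(" -> ".join(f"{m} {u}" for m, u in b))
```

Any burst returned is a lead for review rather than proof of compromise, since the article notes the address provides shared hosting.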