Morning all,
For anyone that missed the news story, Kaseya have been the latest victim in the increasingly dangerous threat of supply chain attacks.
Who are Kaseya? Kaseya offer a remote management system primarily aimed at Managed Service Providers (MSPs). MSPs use tools like this to automate patching and monitoring of systems and can automate deployments via reusable scripts that can be targeted at one or more devices.
By the very nature of this software, it is designed to run with elevated privileges.
Cybercriminals found a vulnerability in the Kaseya VSA platform and have used it to deploy ransomware to systems.
Full details can be found here: https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689
The ransomware used is a variant of REvil and has been known to target backup systems.
With this background information out of the way, many in the infosec community have been debating the best defence against these kinds of threats, and one suggestion posed had me interested. These platforms normally require Antivirus (AV) exclusions. But with the risk that comes from trust, the community are suggesting moving away from exclusions by default.
So now I ask the community, do you deploy any AV on your Veeam infrastructure? Do you deploy on all of it? Just a particular OS? Do you add any AV exclusions? I personally love the idea of zero trust and no exclusions, but I apply them because I value the integrity of my backups.
Share your thoughts below!