Beleaguered IT management firm Kaseya says sixty per cent of its SaaS services have been successfully restored.
An update to the firm’s advisory regarding the attack on its VSA product, time-stamped 10:00PM Eastern Daylight Time (EDT) on July 11th, states: “The restoration of services is progressing according to plan, with 60% of our SaaS customers live and servers coming online for the rest of our customers in the coming hours.”
Restoration started at 4:00PM on the 11th, which was also the time at which Kaseya published a patch for its on-prem software.
The Register has scanned user forums and social media for feedback from Kaseya users, but so far there’s precious little out there.
Which may be because also on Sunday Kaseya published a further revision to its runbook for restoration of on-prem services, and advised customers that they should not proceed with restoration of their software until they revisit the new instructions. That document and the SaaS equivalent are both lengthy, as are the hardening guides Kaseya has offered for SaaS and on-prem users.
- Security warning deluge from 'npm audit' is driving developers to distraction
- Bogus Kaseya VSA patches circulate, booby-trapped with remote-access tool
- Wipro wasn't a one-off: Same hacking crew targeted scores of firms, big and small – researchers
The company has also offered new guidance on IP whitelists.
Readying an organisation to adopt the recommendations and requirements in the documents described above will be non-trivial. The Register also imagines that users will be keen to do quite a bit of testing before resuming operations.
While Kaseya will be glad to see its service restoration apparently progressing smoothly, the company faces allegations of having ignored repeated warnings from staff about the state of its products’ security.
Bloomberg reports that staff pointed out security problems for years, but were rebuffed by management. ®