The New York Times :
Hundreds of businesses around the world, including one of Sweden’s largest grocery chains, grappled Saturday with potential cybersecurity vulnerabilities after a software provider that provides services to more than 40,000 organisations, Kaseya, said it had been the victim of a “sophisticated cyberattack.”
Security researchers said the attack may have been carried out by REvil, a Russian cybercriminal group that the FBI has said was behind the hacking of the world’s largest meat processor, JBS, in May.
In Sweden, grocery retailer Coop was forced to close at least 800 stores Saturday, according to Sebastian Elfors, a cybersecurity researcher for security company Yubico. Outside Coop stores, signs turned customers away: “We have been hit by a large IT disturbance and our systems do not work.”
Elfors said a Swedish railway and a major pharmacy chain had also been affected by the Kaseya attack. “It’s totally devastating,” he said. Asked about the cyberattack after he landed in Michigan on Saturday on a trip to celebrate COVID-19’s retreat in the United States, President Joe Biden said he had been delayed in getting off the plane because he was being briefed about the attack. He said he had directed the “full resources of the federal government” to investigate. “The initial thinking was it was not the Russian government, but we’re not sure yet,” he said.
Victims of the breach were hit through a Kaseya software update, said Kevin Beaumont, a threat researcher. Instead of getting Kaseya’s latest update, they received REvil’s ransomware. Kaseya was initially breached through a previously unknown vulnerability in its systems – known as a “zero day” because when such vulnerabilities are discovered, software makers have zero days to fix it. In the meantime, cybercriminals and spies can use the vulnerability to wreak havoc.
