Kaseya has issued a warning Thursday evening about a phishing campaign they were notified about that is posing as security updates. Threat actors are using the news about the Kaseya incident to try and lure more people to click on links and malicious attachments within emails that are being sent out that are designed to mimic the VSA security updates. Kaseya has warned not to click on any links or attachments included in emails that claim to be security updates from them and that moving forward the company would not be sending any links or attachments in their updates to prevent any type of confusion. The attacks target victims with a Cobalt Strike payload according to Kaseya.
Phishing campaigns surrounding any major security incident will always be a way attackers use to infect more users. In this case, Kaseya has stopped sending emails with links or attachments in them to help people identify whether or not the email is legitimate. Best practices should be in place to defend against phishing emails such as not clicking links or opening attachments in emails that you do not know who the sender is, even if you believe it is some sort of update. Utilizing endpoint monitoring such as Binary Defense’s Managed Detection and Response is a great defense when employees click on phishing emails because it will identify anomalous behavior if any malware is being deployed on an endpoint and help to mitigate the attack.