MOVEit Hackers Pivot to SysAid Zero-Day in Ransomware Attacks

MOVEit Hackers Pivot to SysAid Zero-Day in Ransomware Attacks

November 9, 2023 at 06:09PM

A new zero-day exploit has been discovered that uses a vulnerability in on-premises deployments of SysAid IT Support software to deploy Clop ransomware. Microsoft has announced the flaw and SysAid has issued a patch. The threat actor behind the exploit is Lace Tempest, known for deploying Clop ransomware. Enterprise teams using SysAid should update their systems and conduct a network compromise assessment. Patching on-premises instances may be delayed in many enterprises, highlighting the need for effective threat detection and response.

Key takeaways from the meeting notes are:

1. A new zero-day vulnerability is being exploited to deploy Clop ransomware into enterprise networks, specifically targeting on-premises deployments of SysAid IT Support software.
2. Microsoft has announced the flaw and SysAid has already issued a patch to address the vulnerability.
3. The threat actor behind the exploit is Lace Tempest, also known as DEV-0950, and they are known for using Clop ransomware for their extortion campaigns.
4. SysAid offers IT help desk and support service automation for various sectors like healthcare, human resources, higher education, and manufacturing.
5. The number of victims affected by this cyberattack is unknown at this point as SysAid has not commented on that.
6. Enterprise teams using on-premises versions of SysAid are advised to update their systems to version 23.3.36 and conduct a comprehensive network compromise assessment.
7. Patching on-premises instances may be delayed as organizations often struggle to keep track of responsibilities for such deployments.
8. The potential damage from the SysAid vulnerability depends on the extent of exploitation, patch application speed, and the sensitivity of the accessed data.
9. Security teams should have a clear understanding of their networks, monitor effectively, and have proper threat detection capabilities in place.
10. Organizations should regularly fine-tune their alert systems and have proper incident response protocols in place to mitigate threats effectively.

Full Article