KaseyaVSA and what DIVD did to prevent the abuse of seven zero-days

Track: Main Stage
Technical level
Time: 13:40
Willem-Alexander

On 2 July 2021, REvil launched a worldwide ransomware attack through a zero-day in the Managed Service Provider software KaseyaVSA. What only a few people knew then was that the Dutch Institute for Vulnerability Disclosure (DIVD) had already discovered seven zero-days and had been helping Kaseya patch them since April.

Only one zero-day was left: an authentication bypass vulnerability, and it was abused to attack customers of 2,200 MSPs worldwide. Were we just too late? Well, DIVD had already given the MSP community a heads-up and immediately started to scan and warn all users that night. In all, perhaps a million users could have fallen victim, but it was ‘only’ 1,500.

This is a fascinating case of large-scale coordinated vulnerability disclosure and an example of how DIVD works. The speakers will also go into more recent research and describe how they scan the whole internet for vulnerabilities and report them to the ones who can fix them, sticking to their well-respected and legally just Code of Conduct for doing vulnerability research. Currently DIVD consists of 100 volunteers who help to make the internet safer for everybody, and they do it Dutch style: open, direct and for free.

Speakers in this session
CSIRT manager, Dutch Institute for Vulnerability Disclosure
Head of Research, Dutch Institute for Vulnerability Disclosure
Head of CSIRT, Dutch Institute for Vulnerability Disclosure
Managing Director, Dutch Institute for Vulnerability Disclosure