Business Strategy
Channel Insights
Stay Connected
Acer America
Acer America Corp. is a computer manufacturer of business and consumer PCs, notebooks, ultrabooks, projectors, servers, and storage products.


333 West San Carlos Street
San Jose, California 95110
United States


ChannelPro Network Awards

hello 2
hello 3


January 29, 2018 |

Kaseya VSA Vulnerability Exploited by Cryptocurrency Mining Attack

Hackers used a flaw in Kaseya’s RMM solution, which has since been patched, to deploy Monero crypto-mining software on managed endpoints.

Unidentified cybercriminals exploited a vulnerability in Kaseya’s Ltd.‘s VSA remote monitoring and management system earlier this month to deploy unauthorized cryptocurrency mining software on managed endpoints.

The attack was described this morning by security vendor eSentire Inc.

“eSentire has observed an unknown threat actor attempting to deploy a Monero cryptocurrency miner to multiple eSentire customers,” the Cambridge, Ont.-based company wrote this morning in a security advisory. “We assess with high confidence that the threat leveraged Kaseya Ltd’s Virtual Systems Administrator (VSA) agent to gain unauthorized access to multiple customer assets since January 19, 2018.”

The statement went on to say that eSentire “has disclosed this issue to Kaseya, who is actively working to communicate and mitigate the issue.”

Kaseya, which maintains dual headquarters in Miami and New York, acknowledged the issue in a security update posted on its support site earlier today.

“In the course of our continuous security monitoring of our products, we have uncovered a security vulnerability in our VSA product,” the post stated. “Consistent with our commitment to providing secure solutions for our partners, we have issued a set of patches that removes this vulnerability. We strongly recommend that every on-premises VSA customer download and install this patch immediately. The patch to address this vulnerability has already been deployed to our SaaS and hosted servers.”

Mike Puglia, Kaseya’s chief product officer, added further detail in a media statement.

“While software vulnerabilities are not uncommon, we take security seriously at Kaseya,” Puglia said. “As a result, we caught this vulnerability early and have been able to work quickly with our customers to resolve this issue and safeguard their environments. A very small fraction of our customers (initial estimate <0.1%) were affected by this issue and we have seen no evidence to suggest that this vulnerability was used to harvest personal, financial, or other sensitive information. Our commitment to our customers is unwavering and we will continue to be vigilant and transparent to ensure their safety."

Monero is one of many cryptocurrencies used to buy and sell goods online. Hackers attracted to its hashing algorithm, which requires fewer CPU resources than better-known alternatives like Bitcoin, have been employing a variety of scams and exploits to harness the processing power of infected PCs and servers for mining purposes.

In November, Check Point Technologies Ltd. reported that a Monero mining virus named CoinHive had been the sixth most prevalent malware variant on the web the previous month. When successfully deployed, the San Carlos, Calif.-based security vendor also stated, crypto-mining software can surreptitiously consume up to 65 percent of an endpoint’s CPU capacity.

Today’s incident is yet another illustration of a phenomenon ChannelPro reported on in October: threat actors are increasingly targeting managed service providers, whose RMM systems harbor information that can be used to compromise dozens of other networks. In one highly publicized attack last year, the Chinese cyberespionage group knowns APT10 successfully breached multiple businesses after using malware to hack their MSP.

Kaseya shipped the latest edition of VSA last week.

Editor’s Choice

Broadcom-VMware Shakeout: How the Channel Has Been Affected By the Big Industry Acquisition

April 11, 2024 |

Industry experts weigh in on the “messy breakup” that MSPs were left with after Broadcom’s acquisition of VMWare.

Selling Cybersecurity: How MSPs Can Become Crucial Partners in Managing Risk

March 27, 2024 | David Powell

MSPs should try to bring an end customer into the cybersecurity fold. Here are some ways to help drive that.

3 Questions with Ingram Micro’s Sanjib Sahoo on Integrating AI into Managed Services

March 25, 2024 |

Ingram Micro’s EVP and chief digital officer shares some insights on how MSPs can effectively integrate artificial intelligence into their business operations.

Related News

Growing the MSP

Explore ChannelPro


Reach Our Audience