California-based cloud security and compliance firm Qualys Inc. has, ironically, fallen prey to a data breach at the hands of the Clop ransomware gang. The threat actors posted screenshots of files allegedly belonging to Qualys and its customers on the Internet.
The data allegedly stolen from the security firm includes financial documents and scan results for clients, and was published on the “CLOP^_-LEAKS” Tor website maintained by the operators of Clop ransomware. The portal is used specifically to publish data stolen from victims who are unwilling to pay the threat actors’ ransom demands.
Of late, the portal has been swamped with stolen data originating from various organizations that used Accellion’s FTA file transfer software.
Qualys confirmed the attack earlier in the week and described it as a “Security Incident” that resulted from the exploitation of a previously known vulnerability in software from Accellion Inc., which the firm’s customer support system used to transfer information.
In total, four zero-day vulnerabilities in the Accellion FTA software were identified over the course of the campaign, all of which have since been patched. The flaws were rated critical because they enabled unauthenticated remote code execution on the appliance.
It is likely that the attackers reverse engineered the file transfer software, which points to a high level of sophistication and a deep understanding of how Accellion’s legacy product works.
According to the security provider, sensitive data such as vulnerability reports and customer passwords were not affected. The incident nonetheless highlights the plight of users, whose sensitive data is at the mercy of the legacy software that security providers rely on for their day-to-day operations.
Failing to release a patch for such a critical vulnerability, or failing to apply one promptly, can result in a breach of colossal proportions.
The incident also illustrates a shift in the behavior of threat actors: they now target vendors serving large enterprises rather than the end customers directly. Our internal experts expect such attacks to become more common over time, since they allow attackers to inflict widespread damage with minimal effort.
To read more, please check eScan Blog