Qualys Hit With Ransomware And Customer Invoices Leaked

Infosec outfit Qualys, known for its cloud-based vulnerability detection technology and SSL server test webpage, has seemingly fallen victim to a ransomware attack. Files appearing to originate from Qualys, including customer invoices, were dumped online on the Tor blog of the extortionists, Clop, whose recent victims include Canadian aerospace firm Bombardier.

Experts Comments

March 04, 2021
Ilia Kolochenko
Founder and CEO
ImmuniWeb


Qualys’s response to the incident is a laudable example of transparent and professional handling of a security incident. Under the integrity of currently disclosed circumstances, I see absolutely no reason for panic. The very nature of the incident suggests that the number of affected customers and other third parties is likely very limited. Moreover, sensitive data, such as vulnerability reports or customer passwords, are almost certainly unaffected. Thus, I’d definitely refrain from labeling the attack as a “breach” but rather a security incident. A third-party investigation will likely shed light on the situation and hopefully will bring even more assurance to Qualys customers.

The ongoing attacks against Accellion FTA servers are exploiting a 0day vulnerability on a server hosted outside of organizational premises, and thus are hardly detectable or preventable. Many more companies and organizations will likely fall victim to this sophisticated hacking campaign soon. Moreover, undoubtedly, even more victims have been already silently hacked and are simply unaware of the intrusion. Extortion and public threats are the last resort for the attackers who fail to rapidly sell the loot for a good price on the Dark Web and go after the victim for a ransom. Similar supply chain attacks are poised to surge in 2021.

March 04, 2021
Jake Moore
Cybersecurity Specialist
ESET

In general, malicious actors now use full-blown extortion tactics to make sure they get what they came for in attacks like this. Simply encrypting data seems rather old-fashioned now – especially as exfiltrating and selling the data can be that much more lucrative.

This problem won’t go away quietly, so Qualys needs to learn from others who have experienced similar attacks and note the decisions they made – and the outcome these choices resulted in. Large organisations are inevitably targeted by hackers; however, it is those who stand up and own up to their oversights who come out on top in the end.
