Infosec outfit Qualys, known for its cloud-based vulnerability detection technology and its SSL Server Test webpage, has seemingly fallen victim to a ransomware attack. Files appearing to originate from Qualys, including customer invoices, were dumped online on the Tor blog of the extortionists, Clop, whose recent victims include Canadian aerospace firm Bombardier.
In general, malicious actors now use full-blown extortion tactics to make sure they get what they came for in attacks like this. Simply encrypting data seems rather old-fashioned now, especially as exfiltrating and selling the data can be that much more lucrative.

This problem won’t go away quietly, so Qualys needs to learn from others who have experienced similar attacks and note the decisions they made, and the outcome these choices resulted in. Large organisations are inevitably targeted by hackers; however, it is those who stand up and own up to their oversights who come out on top in the end.
Qualys’s response to the incident is a laudable example of transparent and professional handling of a security incident. Under the integrity of currently disclosed circumstances, I see absolutely no reason for panic. The very nature of the incident suggests that the number of affected customers and other third parties is likely very limited. Moreover, sensitive data, such as vulnerability reports or customer passwords, is almost certainly unaffected. Thus, I’d definitely refrain from labeling the attack a “breach” and would rather call it a security incident. A third-party investigation will likely shed light on the situation and hopefully will bring even more assurance to Qualys customers.

The ongoing attacks against Accellion FTA servers are exploiting a 0day vulnerability on a server hosted outside of organizational premises, and thus are hardly detectable or preventable. Many more companies and organizations will likely fall victim to this sophisticated hacking campaign soon. Moreover, undoubtedly, even more victims have already been silently hacked and are simply unaware of the intrusion. Extortion and public threats are the last resort for attackers who fail to rapidly sell the loot for a good price on the Dark Web and then go after the victim for a ransom. Similar supply chain attacks are poised to surge in 2021.