Cybersecurity firm Qualys has confirmed that its systems were breached by attackers who hacked its Accellion File Transfer Appliance software to steal customer data.

Leaked Qualys customer information (Source: Clop leaks site)

The firm is one of a growing number of FTA users that were breached by attackers who discovered zero-day flaws in FTA that they were able to remotely exploit (see: Accellion Attack Involved Extensive Reverse Engineering).

Based in Foster City, California, Qualys sells cloud-based IT, security and compliance products and has about 19,000 customers across 130 countries.

In a statement released Wednesday evening, the company says it uses FTA solely "to transfer files as part of our customer support system."

Qualys Update on Accellion FTA Security Incident - Qualys March 3, 2021

While customer data was stolen, Qualys says that attackers did not breach its "production environments, codebase or customer data hosted on the Qualys Cloud Platform," and that all of its services remain operational and are functioning normally.

Qualys issued its statement after the Clop - aka Cl0p - ransomware gang on Wednesday began listing Qualys as a victim on its leaks site and posted six screenshots containing stolen data. The site also contains a listing for "files part 1" - apparently the first batch of stolen files - which is spread across three separate zip file archives available for download. The image files are named "Screenshot_70.png" through "Screenshot_75.png."

"Want to delete a page or buy data? Write to the email indicated on the homepage," the gang's site states.

Clop is one of a number of ransomware gangs that run dedicated leaks sites where they can list victims, post extracts of stolen data, and sell or auction data unless victims give in to their extortion demands.

Qualys says the breach was mitigated by its having deployed Accellion in a segregated manner.

"Qualys had deployed the Accellion FTA server in a segregated DMZ environment, completely separate from systems that host and support Qualys products to transfer information as part of our customer support system," Qualys CISO Benn Carr says in a Wednesday blog post.

"Qualys chose the Accellion FTA solution for encrypted temporary transfer of manually uploaded files," he says. "There was no connectivity between the Accellion FTA server and our production customer data environment - the Qualys Cloud Platform."

A Qualys spokeswoman tells Information Security Media Group that all affected customers have been notified. She declined to say how many customers were affected pending the conclusion of the ongoing investigation.

Qualys has retained FireEye's Mandiant incident response group to investigate the intrusion. Mandiant has been doing the same for Accellion after attackers apparently reverse-engineered FTA and identified multiple zero-day flaws, which they began using in December to steal data from users.

Other Accellion users whose systems were breached by FTA-targeting attackers, and whose data later appeared on the Clop ransomware gang's data leaks site, include Australia's securities regulator ASIC, government agency Transport for New South Wales and QIMR Berghofer Medical Research Institute.

Other victims include the Reserve Bank of New Zealand, Canadian aerospace firm Bombardier, the Office of the Washington State Auditor, the University of Colorado and U.S.