Skip to content

Qualys Data Breach

Cybersecurity firm Qualys is the latest victim of a cyber attack, the company was likely hacked by threat actors that exploited a zero-day vulnerability in their Accellion FTA server. A set of cybercriminals belonging to the Clop Ransomware group claimed responsibility for a breach of Qualys, a major cloud computing security vendor. As proof of the access to data, an extortion site maintained by hackers on the dark web has leaked documents claiming to contain information on Qualys customers of about 19,000 clients, including major financial firms like Capital One and Experian.

Technical Details

The wave of attacks began in mid-December 2020, threat actors exploited multiple zero-day vulnerabilities in the Accellion File Transfer Appliance (FTA) software to deploy a shell dubbed DEWMODE on the target networks.

The attackers exfiltrated sensitive data from the target systems and then published it on the CLOP ransomware gang’s leak site. It has been estimated that the group has targeted approximately 100 companies across the world between December and January. Further, Qualys CISO Ben Carr added that the incident hadn’t affected Qualys production environments, codebase or customer data hosted on the Qualys Cloud Platform.

FireEye pointed out that despite FIN11 hackers publishing data from Accellion FTA customers on the Clop ransomware leak site, they did not encrypt systems on the compromised networks. In response to the wave of attacks, the vendor has released multiple security patches to address the vulnerabilities exploited by the hackers and the company is also going to retire legacy FTA server software by April 30, 2021.

Mitigation Strategy

An organization should always be well prepared for the forthcoming incidents that may approach possessing harmful instincts such as cyber-attacks. To tackle those attacks at the initial level, following are certain points that needs to be followed by any organization so as to reduce the risk of loss from the occurrence of any undesirable event.

1. Users should follow the best practices to defend against the malware and create an effective backup strategy by following the 3-2-1 rule:
–   Adopt strong passwords throughout the network.
–   Consider network segmentation to separate important processes and systems from the wider access network.
–   Increase awareness of how ransomware spreads, i.e., through spammed emails and attachments.
–   Monitor and audit network traffic for any suspicious behaviors or anomalies

2. Deploy IAM, limit privileged users, and implement MFA.

3. Install an antivirus solution, schedule signature updates, and monitor the antivirus status on all equipment.

4. If noticed any kind of activity (new process initiated, any files have been deleted automatic), take an appropriate action.

5. Keep your operating system and software up to date with the latest patches. Vulnerable applications and operating systems are the target of most attacks. Ensuring      these are patched with the latest updates greatly reduces the number of exploitable entry points available to an attacker. Use application whitelisting to help prevent malicious software and unapproved programs from running. Application whitelisting is one of the best security strategies as it allows only specified programs to run, while blocking all others, including malicious software.

Preventive Measures

An organization’s ability to rapidly respond to and recover from an incident begins with the development of an incident response capability. An organization’s response capability should focus on being prepared to handle the most common attack vectors (e.g., spearphishing, malicious web content, credential theft).
In general, organizations should prepare for those attacks for a longer run by keeping the following key pointers in consideration:

– Block the IOCs.
– Enable E-mail filtering for .exe attachment files.
– Set remote access restrictions.
– Configure PowerShell to execute only signed scripts.
– Configure Windows to show file extensions and keep the macros disabled.
– To ensure that recovery from a ransomware or sabotage attack is possible, all data must be regularly backed up and a good backup strategy adopted.
– Implement endpoint security with active monitoring.
– Encrypt all sensitive organizational information.
– Upgrade your systems with the latest security patches.

Conclusion

Ransomware has been around for a few years now and we are starting to see instances of this type of malware that break the mold and forge a new direction. Clop differs from other ransomware in many significant ways — from its capabilities to the heart of the ransomware attack itself, gaining entry.

It will be interesting to see if other ransomware begins to use exploit kits as infection vectors like Clop or if this practice remains the exception to the rule. The Financial Services Information Sharing and Analysis Center (FS-ISAC), a clearinghouse for financial threat information whose members include big banks, encourages all financial institutions to follow published procedures to assess and maintain the security of their systems and to continually monitor for signs of any anomalous activity.

229 thoughts on “Qualys Data Breach”

  1. Insightful and well-written! Your points are thought-provoking. For those wanting to learn more about this topic, here’s a great resource: FIND OUT MORE. Interested in hearing everyone’s perspective!

  2. Bwer Company is a top supplier of weighbridge truck scales in Iraq, providing a complete range of solutions for accurate vehicle load measurement. Their services cover every aspect of truck scales, from truck scale installation and maintenance to calibration and repair. Bwer Company offers commercial truck scales, industrial truck scales, and axle weighbridge systems, tailored to meet the demands of heavy-duty applications. Bwer Company’s electronic truck scales and digital truck scales incorporate advanced technology, ensuring precise and reliable measurements. Their heavy-duty truck scales are engineered for rugged environments, making them suitable for industries such as logistics, agriculture, and construction. Whether you’re looking for truck scales for sale, rental, or lease, Bwer Company provides flexible options to match your needs, including truck scale parts, accessories, and software for enhanced performance. As trusted truck scale manufacturers, Bwer Company offers certified truck scale calibration services, ensuring compliance with industry standards. Their services include truck scale inspection, certification, and repair services, supporting the long-term reliability of your truck scale systems. With a team of experts, Bwer Company ensures seamless truck scale installation and maintenance, keeping your operations running smoothly. For more information on truck scale prices, installation costs, or to learn about their range of weighbridge truck scales and other products, visit Bwer Company’s website at bwerpipes.com.

  3. Tech Write For Us explores the transformative impact of AI in education. We provide in-depth articles on how AI enhances learning, supports educators, and personalizes student experiences. Stay informed with the latest trends and innovations in educational technology with us.

  4. купить оригинальный диплом о высшем образовании [url=https://1oriks-diplom199.ru/]купить оригинальный диплом о высшем образовании[/url] .

  5. пин ап казино официальный сайт [url=https://pinup-kazi.ru/#]пин ап казино[/url] пин ап вход

  6. mexican border pharmacies shipping to usa [url=http://mexicanpharmi.com/#]mexican pharmacy[/url] pharmacies in mexico that ship to usa

  7. cost of cheap clomid tablets [url=http://clomidonpharm.com/#]clomid on pharm[/url] where can i buy cheap clomid without prescription

  8. how can i get cheap clomid [url=https://clomidonpharm.com/#]can i buy clomid[/url] how can i get generic clomid without insurance

  9. buy ciprofloxacin over the counter [url=https://cipharmdelivery.com/#]ciprofloxacin 500 mg tablet price[/url] ciprofloxacin 500mg buy online

Leave a Reply

Your email address will not be published. Required fields are marked *

Call Our Experts:

+91 95577 22103

small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png

We’d love to help your organization achieve your Data Protection goals!

Schedule a complimentary consultation with our Team of Experts.