A set of cybercriminals behind a string of recent hacks involving Accellion-made software is now claiming responsibility for a breach of Qualys, a major cloud computing security vendor.
As proof of the access to data, an extortion site maintained by hackers has leaked documents claiming to contain information on Qualys customers. Attackers affiliated with the extortion site have previously been linked to the Clop ransomware, a file-locking malware that emerged two years ago. This month, thieves claimed responsibility for a series of incidents that have relied on data leaks, rather than ransomware, as an extortion tactic, according to security firm FireEye.
With some 19,000 clients, including major financial firms like Capital One and Experian, Qualys represents an attractive target for extortionists keen on making sensitive data public.
In a statement Wednesday evening, Qualys CISO Ben Carr said the attackers had accessed files hosted on an Accellion server. Qualys “notified the limited number of customers impacted by this unauthorized access,” Carr said, adding that the incident hadn’t affected “Qualys production environments, codebase or customer data hosted on the Qualys Cloud Platform.” Carr did not specify which hackers were responsible.
Qualys has hired Mandiant, the incident response arm of security firm FireEye, to respond to the breach, a Mandiant spokesperson said.
Qualys’ cloud platform ingests data from across an organization to provide cyberthreat alerts. The firm, which reported $363 million in revenue last year, also counts technology giants Cisco and Microsoft as customers.
The incident follows a disclosure last month from Accellion, another big software vendor, that a criminal hacking group had exploited multiple vulnerabilities in one of its legacy products. Breaches linked to the Accellion flaws have hit a diverse set of victims, from Canadian plane-maker Bombardier to grocery chain Kroger.
The Accellion incident is only the latest example of cybercriminal groups seeking out key IT providers with a raft of powerful customers for extortion. The hackers behind another strain of ransomware, Maze, claimed responsibility for breaches at two multibillion-dollar IT services firms last year, Cognizant and Conduent.
The Financial Services Information Sharing and Analysis Center (FS-ISAC), a clearinghouse for financial threat information whose members include big banks, said Wednesday that it keeps a close eye on the “third-party risk” that might arise from a breach like that of Qualys.
“FS-ISAC encourages all financial institutions to follow published procedures to assess and maintain the security of their systems and to continually monitor for signs of any anomalous activity,” the analysis center said in a statement.
UPDATE, 7:07 p.m. EDT: This story has been updated with a statement from Qualys.