Cloud security firm Qualys reportedly victimized by prolific scammers

As proof of the breach, an extortion site maintained by the cybercriminals has leaked documents claiming to contain information on Qualys customers.
An outside data breach appears to have resulted in a compromise at Qualys, the cloud computing vendor. (Photo by Matt Blyth/Getty Images)

A set of cybercriminals behind a string of recent hacks involving Accellion-made software is now claiming responsibility for a breach of Qualys, a major cloud computing security vendor.  

As proof of the access to data, an extortion site maintained by hackers has leaked documents claiming to contain information on Qualys customers. Attackers affiliated with the extortion site have previously been linked to the Clop ransomware, a file-locking malware that emerged two years ago. This month, thieves claimed responsibility for a series of incidents that have relied on data leaks, rather than ransomware, as an extortion tactic, according to security firm FireEye.

With some 19,000 clients, including major financial firms like Capital One and Experian, Qualys represents an attractive target for extortionists keen on making sensitive data public.

In a statement Wednesday evening, Qualys CISO Ben Carr said the attackers had accessed files hosted on an Accellion server. Qualys “notified the limited number of customers impacted by this unauthorized access,” Carr said, adding that the incident hadn’t affected “Qualys production environments, codebase or customer data hosted on the Qualys Cloud Platform.” Carr did not specify which hackers were responsible.

Qualys has hired Mandiant, the incident response arm of security firm FireEye, to respond to the breach, a Mandiant spokesperson said.

Qualys’ cloud platform ingests data from across an organization to provide cyberthreat alerts. The firm, which reported $363 million in revenue last year, also counts technology giants Cisco and Microsoft as customers.

The incident follows a disclosure last month from Accellion, another big software vendor, that a criminal hacking group had exploited multiple vulnerabilities in one of its legacy products. Breaches linked to the Accellion flaws have hit a diverse set of victims, from Canadian plane-maker Bombardier to grocery chain Kroger.

The Accellion incident is only the latest example of cybercriminal groups seeking out key IT providers with a raft of powerful customers for extortion. The hackers behind another strain of ransomware, Maze, claimed responsibility for breaches at two multibillion-dollar IT services firms last year, Cognizant and Conduent.

The Financial Services Information Sharing and Analysis Center (FS-ISAC), a clearinghouse for financial threat information whose members include big banks, said Wednesday that it keeps a close eye on the “third-party risk” that might arise from a breach like that of Qualys.

“FS-ISAC encourages all financial institutions to follow published procedures to assess and maintain the security of their systems and to continually monitor for signs of any anomalous activity,” the analysis center said in a statement.

UPDATE, 7:07 p.m. EDT: This story has been updated with a statement from Qualys.

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.
