Cloud security firm Qualys reportedly victimized by prolific scammers

Written by

A set of cybercriminals behind a string of recent hacks involving Accellion-made software is now claiming responsibility for a breach of Qualys, a major cloud computing security vendor.  

As proof of the access to data, an extortion site maintained by hackers has leaked documents claiming to contain information on Qualys customers. Attackers affiliated with the extortion site have previously been linked to the Clop ransomware, a file-locking malware that emerged two years ago. This month, thieves claimed responsibility for a series of incidents that have relied on data leaks, rather than ransomware, as an extortion tactic, according to security firm FireEye.

With some 19,000 clients, including major financial firms like Capital One and Experian, Qualys represents an attractive target for extortionists keen on making sensitive data public. It was not immediately clear Wednesday how, if at all, the reported breach affected Qualys’ customers, or if ransomware was deployed. The California-based firm did not respond to requests for comment by press time.

Qualys’ cloud platform ingests data from across an organization to provide cyberthreat alerts. The firm, which reported $363 million in revenue last year, also counts technology giants Cisco and Microsoft as customers.

The incident follows a disclosure last month from Accellion, another big software vendor, that a criminal hacking group had exploited multiple vulnerabilities in one of its legacy products. Breaches linked to the Accellion flaws have hit a diverse set of victims, from Canadian plane-maker Bombardier to grocery chain Kroger. Qualys also reportedly used the Accellion product.

One security executive in the financial sector, who spoke on the condition of anonymity, said Qualys had informed their firm that the breach is linked to the Accellion software.

The Accellion incident is only the latest example of cybercriminal groups seeking out key IT providers with a raft of powerful customers for extortion. The hackers behind another strain of ransomware, Maze, claimed responsibility for breaches at two multibillion-dollar IT services firms last year, Cognizant and Conduent.

The Financial Services Information Sharing and Analysis Center (FS-ISAC), a clearinghouse for financial threat information whose members include big banks, said Wednesday that it keeps a close eye on the “third-party risk” that might arise from a breach like that of Qualys.

“FS-ISAC encourages all financial institutions to follow published procedures to assess and maintain the security of their systems and to continually monitor for signs of any anomalous activity,” the analysis center said in a statement.