According to Rubrik, which disclosed its vulnerability on Friday, theFortra GoAnywhere zero-day vulnerability has been linked to hacks targeting a hospital chain and a bank. As such, Rubrik believes that its systems were targeted in these attacks.
Rubrik had reason to be concerned about the safety of its data after discovering a security flaw in Fortra’s GoAnywhere file-transfer software. The company has now confirmed that attackers obtained access to non-production IT testing environments as a result of the issue. This revelation underscores just how important it is for companies to constantly update their security protocols and ensure that their software is up-to-date.
The vulnerability, tracked as CVE-2023-0669, is a critical privacy flaw in Fortra’s security advisory system that would allow third party attackers to access customers’ bank account information. Fortra released a patch for the flaw five days later on February 7, after security journalist Brian Krebs publicly shared details of the flaw.
According to Mestrovich, the data accessed mainly consisted of information on internal sales from Rubrik, including customer and partner company names, contact information, and purchase orders. The review found that the data accessed did not include any sensitive or confidential information.
The third-party firm that conducted the investigation into the breach of Target’s systems has confirmed that no sensitive personal data such as Social Security numbers, financial account numbers, or payment card numbers were exposed in the incident. While the extent of what was stolen is still unknown, this reassuring news will likely help calm those affected by the hack.
Rubrik’s data management and backup services ensure that enterprises can protect their data regardless of where it is located. Rubrik’s cloud-based platform makes storing and managing data easy, while its on-premise tools enable businesses to maintain control over their own data. This combination allows companies to protect their assets from potential threats regardless of the infrastructure they use.
It is not clear what may have been stolen, as Simmons declined to answer any additional questions. However, it is possible that the unauthorized access could have included data on Rubrik products that help companies secure their data. If so, this would be a serious security breach for the company.
The Clop ransomware has been active in spreading hacktivism and cybercrime across the globe, but now Rubrik may have come up with an even more insidious way of using its victims’ data. The cloud storage company confirmed that it was victim to the Clop ransomware attack, and released a statement saying that most of the information housed on its systems was corporate data. It is unknown why Clop chose this specific group as its target, but it is likely that this disclosure will cause Rubrik a great deal of damage amongst existing clients, who may now be less willing to use the company’s services due to concerns about their private information.
The United States Department of Justice has announced that the Russian-linked Clop gang was able to exploit a zero-day flaw in order to steal data from more than 130 organizations. This includes, among others, Hatch Bank and Community Health Systems. The DOJ further says that the hackers accessed medical billing and insurance information, diagnostic and medications data, as well as Social Security numbers.
The exposure of the Rubrik data breach raises alarming questions about the security of customer information held by companies such as this one. The exposed server was not protected with a password, and therefore anyone who knew the IP address of the server could access tens of gigabytes of data, including customer names, contact information and casework for each corporate customer. This could pose a serious threat to customers’ privacy and safety.