Security giant Rubrik says hackers used Fortra zero-day to steal internal data
Silicon Valley-based data security company Rubrik has come forward as the latest victim of the Fortra GoAnywhere zero-day vulnerability, which has been linked to hacks targeting a hospital chain and a bank.
In a blog post published on Tuesday, Rubrik’s chief information security officer Michael Mestrovich said that attackers had gained access to the company’s non-production IT testing environments as a result of the flaw in Fortra’s GoAnywhere file-transfer software, which Rubrik uses for sharing internal data.
This vulnerability, tracked as CVE-2023-0669, first came to light on February 2 after security journalist Brian Krebs publicly shared details of Fortra’s paywalled security advisory. Fortra released a patch for the actively exploited flaw five days later, on February 7.
Mestrovich said that since learning of the flaw last month, Rubrik conducted a “comprehensive review” of the affected data with an unnamed third-party firm, which found that the data accessed mainly consists of Rubrik internal sales information, including “certain customer and partner company names, business contact information, and a limited number of purchase orders from Rubrik distributors.”
“The third-party firm has also confirmed that no sensitive personal data such as Social Security numbers, financial account numbers, or payment card numbers were exposed,” Mestrovich said.
Rubrik provides enterprise data management and backup services across on-premise, cloud and hybrid networks.
In a statement, Rubrik spokesperson Najah Simmons told robotechcompany.com that the “unauthorized access didn’t include any data we secure on behalf of our customers via any Rubrik products.” Simmons declined to answer any additional questions, such as whether Rubrik has received or been made aware of a demand for payment.
Rubrik’s confirmation comes just hours after a listing naming the company appeared on the dark web leak site of the Clop ransomware gang. Samples of stolen data published by Clop, and seen by robotechcompany.com, align with Rubrik’s statement that it comprised mostly corporate information.
The Russia-linked Clop gang claims to have exploited the zero-day flaw to steal data from more than 130 organizations, including Hatch Bank and Community Health Systems, which last week confirmed in a filing with the Maine attorney general’s office that the hackers accessed medical billing and insurance information, diagnostic and medication data, and Social Security numbers.
Back in 2019, Rubrik suffered a security lapse that exposed a large database of customer information. An exposed server that wasn’t protected with a password left tens of gigabytes of data, including customer names, contact information and casework for each corporate customer, accessible to anyone who knew the IP address of the server.