Rubrik Hit Hard – GoAnywhere Zero-Day Utilized Maliciously
Cybersecurity firms exist to help us elevate our online security and privacy. They scan for flaws within all applications and networks to reduce threats. Unfortunately, even they are susceptible to cyber threats, which is exactly the case with the reputable company Rubrik.
The cloud data management service is globally used to provide disaster recovery solutions. However, this time around, the disaster fell within the company itself.
Vulnerabilities are everywhere, and even the biggest companies can have some. Rubrik disclosed that it fell victim to a large-scale attack against GoAnywhere MFT devices as cybercriminals utilized a zero-day vulnerability. What do we know about this incident? Find out below.
Another Vulnerability – The Protector Needs Protection
As mentioned, vulnerabilities are bound to exist, regardless of the company’s reputation in security and privacy. The biggest security firms in the world are still on edge thanks to the Log4Shell vulnerability.
In other words, system flaws are inevitable. Even QNAP, the Taiwanese maker of network-attached storage (NAS), reported one of its own (a PHP vulnerability) a while ago.
Now, Rubrik joins the mix with this newly exploited GoAnywhere vulnerability. This service acts as a web file transfer solution, allowing companies to securely send/receive encrypted files with others.
The provided procedure is completely safe, and it helps companies keep detailed audit logs of what was sent and who gained access to it.
Rubrik released a statement confirming the breach and informing customers that it was contained within the non-production IT testing environment. Not only that, but customers' personal information is completely safe and unaffected.
“We detected unauthorized access to a limited amount of information in one of our non-production IT testing environments as a result of the GoAnywhere vulnerability.
Importantly, based on our current investigation, being conducted with the assistance of third-party forensics experts, the unauthorized access did NOT include any data we secure on behalf of our customers via any Rubrik products.”
So, why the sudden disclosure? Well, this statement came right after none other than the Clop ransomware gang added Rubrik to their data leak site.
This “Very Dangerous” threat actor group has shared samples of stolen files and stated that they’d release everything very soon.
Apparently, what Rubrik claims is correct. No personal information of customers was affected. Only internal Rubrik data, such as locations, names, and email addresses of employees, is shown in the screenshots.
Rubrik Data Breach – GoAnywhere Zero-Day Perfectly
When it comes to vulnerabilities, any company is at risk. As seen above, even cybersecurity firms can fall victim to such flaws, allowing cybercriminals to take advantage of the situation and act on it.
The Clop ransomware gang has been around for quite some time now, and these threat actors know exactly when to strike. We hope that Rubrik fixes this issue as soon as possible.