Cloud data management service Rubrik has confirmed that it fell victim to a large-scale attack that used a zero-day vulnerability against GoAnywhere MFT devices worldwide.
The breach was contained in a non-production IT testing environment, and no customer data was impacted.
Rubrik has stated that the unauthorized access did not include any data it secures on behalf of its customers via any Rubrik products.
Michael Mestrovich, Rubrik CISO, also said that the threat actors did not spread laterally to the internal systems, and that the test environment was taken offline to prevent further intrusions.
The Clop ransomware gang has claimed responsibility for the Fortra GoAnywhere attacks and added Rubrik to its data leak site.
The threat actors shared samples of stolen files and stated that the data would soon be publicly released. Some screenshots shared by the threat actors contain internal Rubrik data, such as names, email addresses, and locations of employees.
At the same time, the Clop ransomware gang has claimed that it breached 130 organizations to steal data over ten days, and that the attacks occurred earlier this year.
Fortra GoAnywhere is a secure web file transfer solution that allows companies to securely transfer encrypted files with their partners while keeping detailed audit logs of who accessed the files.
However, the Clop ransomware gang has been exploiting the zero-day vulnerability to breach organizations, as disclosed by Hatch Bank and Community Health Systems (CHS).
In conclusion, the Rubrik data breach highlights the increasing threat of zero-day vulnerabilities and the importance of patch management. Organizations need to ensure that they have adequate security measures in place to detect and prevent such attacks.
Moreover, prompt and effective incident response is critical to contain the attack and minimize the impact.
With the rise of ransomware attacks and data breaches, organizations need to take proactive steps to safeguard their data and systems.