5 Things to know about the Fortra GoAnywhere attacks

Rubrik has become the latest to acknowledge a data breach, as the list of victims compromised through exploits of a vulnerability in the file transfer platform continues to grow


Data security firm Rubrik has become the latest company to acknowledge a data breach that stemmed from exploits of a vulnerability in the Fortra GoAnywhere file transfer platform.

Customer data does not appear to have been impacted in the breach, Rubrik said Tuesday.

Fortra, which changed its name from HelpSystems in November, offers GoAnywhere as a secure managed file transfer (MFT) product that "streamlines the exchange of data between systems, employees, customers and trading partners," according to the company.

CRN has reached out to Fortra for comment.

What follows are five key things to know about the Fortra GoAnywhere attacks.

Vulnerability And Patch

In early February, Fortra informed customers that it had identified an actively exploited zero-day vulnerability in GoAnywhere, which could be used to remotely execute code on vulnerable systems. The Fortra advisory was first reported by journalist Brian Krebs.

On Feb. 7, Fortra released a patch for the GoAnywhere vulnerability as part of version 7.1.2. The vulnerability, which is being tracked as CVE-2023-0669, consists of a "pre-authentication command injection vulnerability in the License Response Servlet" in the GoAnywhere MFT, according to the National Vulnerability Database posting.

Exploits By Cybercrime Group

BleepingComputer reported on Feb. 10 that the Clop cybercrime gang said it was responsible for numerous attacks exploiting the GoAnywhere vulnerability.

The cybercriminal group claimed that it had stolen data from more than 130 victim organisations during a 10-day period.

On Saturday, BleepingComputer reported that the group had begun extorting victims of the GoAnywhere attacks by adding the names of alleged victims to its data leak website.

Community Health Systems Breach

Health-care provider Community Health Systems disclosed in a US SEC filing on 13 February that it had suffered a data breach in connection with the GoAnywhere vulnerability.

Community Health Systems said that it was believed that "approximately one million individuals may have been affected by this attack."

It's believed that the breach "has not had any impact on any of the company's information systems and that there has not been any material interruption of the company's business operations, including the delivery of patient care," the company said in its SEC filing.

Hatch Bank Breach

Digital banking provider Hatch Bank notified customers on 28 February that it had experienced a breach, via the GoAnywhere vulnerability, that affected customer data in late January.

The data could include names and Social Security numbers of customers, and the breach affects a total of 139,493 customers, Hatch Bank said in a disclosure posted on the Maine attorney general's website.

"On February 3, 2023, Hatch Bank was notified by Fortra of the incident and learned that its files contained on Fortra's GoAnywhere site were subject to unauthorised access," the bank said in its customer notification.

"Fortra's investigation determined that there was unauthorised access to the site account from January 30, 2023, to January 31, 2023."

Rubrik Breach

On Tuesday, Rubrik CISO Michael Mestrovich disclosed in a post that the company has detected unauthorised access to "a limited amount of information" in a non-production IT testing environment in connection with the GoAnywhere vulnerability.

"Based on our current investigation, being conducted with the assistance of third-party forensics experts, the unauthorised access did not include any data we secure on behalf of our customers via any Rubrik products," Mestrovich wrote.

The Rubrik data that was accessed "mainly consists of Rubrik internal sales information, which includes certain customer and partner company names, business contact information, and a limited number of purchase orders from Rubrik distributors," he wrote.

A third-party firm that Rubrik is working with "has also confirmed that no sensitive personal data such as Social Security numbers, financial account numbers, or payment card numbers were exposed," Mestrovich said.

Notably, the investigation so far has found no evidence of lateral movement to Rubrik's other environments.

"Rubrik took the involved non-production environment offline and leveraged our own security systems and solutions to quickly contain the threat and help restore our test environment," Mestrovich wrote in the post.

CRN has reached out to Rubrik for further comment.
