Serviceteam IT Security News
A multi-billion-dollar IT services firm has become the latest victim of the infamous Maze ransomware group after it appeared to target a widely publicized Citrix vulnerability.

New Jersey-headquartered Conduent claims to provide mission-critical services and solutions for “a majority of Fortune 100 companies and over 500 governments.”

The firm admitted in a statement that its European operations were hit by an attack on May 29, early in the morning local time.

“Our system identified ransomware, which was then addressed by our cybersecurity protocols,” it explained. “This interruption began at 12.45 AM CET on May 29 with systems mostly back in production again by 10.00 AM CET that morning, and all systems have since then been restored.”

It said the incident resulted in only “partial interruption” to its services for customers, and an ongoing investigation is being undertaken featuring “internal and external security forensics and anti-virus teams.”

Although Conduent didn’t name its attacker, security researchers have seen Maze post stolen financial data from the firm online as proof of its raid.

Bad Packets claimed that, according to its own research, a Citrix server run by the IT services giant was left unpatched for at least eight weeks.

The Maze group has been observed previously exploiting the CVE-2019-19781 vulnerability in the ADC and Citrix Gateway products, which was first disclosed in December 2019.

The bug can allow an unauthenticated attacker to perform arbitrary code execution on a victim machine.

The Maze group also has previous in this area: hitting IT services firm Cognizant back in April in an attack which the firm admitted could cost it $70m in Q2 2020.

“Making sure you are using up-to-date operating systems and that software is running on the latest version is a critical part of cyber-hygiene,” argued CyberSmart CEO, Jamie Akhtar.

“Ransomware is a game of economics and incentives. By not protecting our systems, not backing up our files and giving into paying ransoms we increase the reward for the attackers and the general viability of these kinds of attacks. If we all do our part in reducing incentives, we can develop a kind of digital herd immunity where criminals in future may no longer feel the attacks are worth the effort.”

Source: Infosecurity Magazine

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!