IT company with 26,000 employees hacked by ransomware attack

Security companies can also fall victim to cyberattacks. Cybersecurity company Conduent (which generates profits of more than $4 billion USD a year) has just revealed that it has been the victim of a ransomware attack that compromised most of its operations in Europe in less than eight hours.

“Our operations in Europe experienced an outage during Friday, May 29, 2020. A variant of ransomware was identified on our systems, which was addressed by security computers.” The company has already completely restored its services.  

Although Conduent did not reveal the name of the ransomware variant used in this attack, the cybercrime group known as Maze has published on dark web some files extracted from the systems of the attacked company.

The company also did not provide details about the attack method employed by hackers, although Bad Packets researchers claim that Conduent ran Citrix VPN without updating for at least eight weeks. It should be noted that an arbitrary code execution vulnerability in Citrix VPN has been actively exploited during the most recent months.

In early 2020, Bad Packets detected at least 10,000 vulnerable hosts running vulnerable software; Citrix released the updates shortly after, although many companies were slow to install the patches.

Regarding the malware variant used, Maze hackers use a 32-bit binary file packaged as an EXE or DLL file. According to cybersecurity specialists, this hacker group specializes in evading security mechanisms such as dynamic analysis, among others.

Although in the past cybercriminals were characterized by deploying malware in bulk and randomly waiting for someone to fall into the trap, this approach has changed. Now, cyberattack campaigns have become specific processes for each company attacked, although attack methods remain similar, including phishing campaigns, stolen login credentials and more.

Investigators believe this attack bears multiple similarities to the reported incident at the IT company Coignizant, also linked to Maze.