April 26, 2024 at 04:59PM
The Cactus ransomware group exploited vulnerabilities in Qlik Sense, allowing remote attacks. Despite Qlik’s disclosure of these flaws, many organizations remained exposed. Notably, 3,143 servers were vulnerable, with alerts and notifications being sent to potential victims. Failure to address the vulnerabilities could lead to compromised instances, making remediation imperative.
The Qlik Sense data analytics and business intelligence platform has been exposed to exploitation by the Cactus ransomware group through three disclosed vulnerabilities. Despite warnings and disclosures from Qlik, many organizations are still vulnerable. This has led security organizations such as Fox-IT and the Dutch Institute for Vulnerability Disclosure (DIVD), working under Project Melissa, to identify and notify potential victims of the Cactus ransomware attacks, and the ShadowServer Foundation to reach out to at-risk organizations.
As of April 17, there were still 3,143 vulnerable Qlik Sense servers, 396 of which were in the US; other countries, including Italy, Brazil, the Netherlands, and Germany, were also significantly affected. The security organizations are actively taking steps to notify and assist the affected organizations.
Overall, it is critical that organizations take action to remediate these vulnerabilities to prevent potential compromise by the Cactus ransomware group and to secure their systems against future attacks.