[BreachExchange] Information Services Giant Wolters Kluwer Hit by Malware Attack

Destry Winant destry at riskbasedsecurity.com
Thu May 9 22:55:15 EDT 2019


https://www.securityweek.com/information-services-giant-wolters-kluwer-hit-malware-attack

Global information services giant Wolters Kluwer has taken many of its
applications and platforms offline after discovering malware on its
systems.

The Netherlands-based company started seeing what it described as
“technical anomalies” on May 6. This triggered an investigation that
led to the discovery of malware.

“With this action, we aimed to quickly limit the impact this malware
could have had, giving us the opportunity to investigate the issue
with assistance from third-party forensics consultants and work on a
solution. Unfortunately, this impacted our communication channels and
limited our ability to share updates,” Wolters Kluwer stated on
Wednesday.

The company said it found no evidence that customer data had been
accessed or stolen, and there was no indication that its solutions had
been leveraged to infect customers with malware.

Wolters Kluwer is a provider of professional information, software,
and services for the healthcare, legal, financial and regulatory
sectors. The company has customers in nearly every country around the
world and last year it reported annual revenues of €4.3 billion ($4.8
billion).

One of the most impacted units of Wolters Kluwer appears to be CCH,
which provides software and information services for accounting, tax,
and audit workers. Many users have complained on social media about
not being able to access CCH websites and cloud-stored tax data.

Security blogger Brian Krebs said he informed CCH on May 3 that
directories containing new versions of its software had been
configured to allow anyone to write files to them. Krebs said he had
spotted “a few odd PHP and text files” in those folders.

Wolters Kluwer has not shared any information about the malware it
detected on its systems. However, according to some reports, the
incident involved MegaCortex, a piece of ransomware that has been
increasingly used to target enterprises.

Sophos reported recently that a spike in MegaCortex attacks has been
observed since May 1. The attacks targeted organizations around the
world, including in Italy, the U.S., Canada, the Netherlands, Ireland
and France.

Wolters Kluwer has started restoring its online services, but some of
them continue to be offline.

