Zscaler Races to Control Narrative Amid Rumours of Hack
News of an attack on one of the world’s largest cybersecurity companies first swirled on a popular cybercrime forum.
Rumours began after a notorious hacker called IntelBroker posted that he was “selling access” for US$20,000 to a company later confirmed to be Zscaler.
Zscaler is one of the largest cloud security providers, with over 6,000 customers globally.
In a blog responding to a post on X about the alleged breach, the company posted an update the same day announcing that it was launching an investigation. This announcement saw its shares fall more than 4% on the NASDAQ.
What was allegedly affected?
The alleged files accessed included “confidential and highly critical logs packed with credentials,” SMTP access, SSL certificates, and other sensitive data.
In the US, public companies are obliged to follow certain reporting requirements from bodies like the SEC that ask for details of cyber breaches to be filed within four days of identifying that a breach has a material impact.
Hours later, Zscaler followed up its initial statement, claiming its investigation had not found evidence of a breach.
The company later provided an update stating that it discovered an “isolated test environment on a single server (without any customer data) which was exposed to the internet.”
Although downplaying the importance, and not specifically mentioning whether there was a breach, Zscaler stressed the test environment was not hosted on its infrastructure and had no connectivity to Zscaler’s environments.
Testing times
Test environments are isolated computer systems specifically designed to mimic a real-world security setup but without any customer data. This allows testing and refining of security tools and procedures in a safe space, ensuring any vulnerabilities don't affect production systems.
Although exposure of a test environment may not result in a data breach, exposed systems could reveal security weaknesses that hackers could exploit in real systems, and can sometimes offer insights into security setup, tools, and even unreleased features.
Zscaler said this test environment was taken offline for forensic analysis but reiterated that no company, customer, or production systems were impacted.
The cybersecurity company later stated they had enlisted a “reputable incident response firm” to initiate an independent investigation whilst they “continue to monitor the situation” before reiterating on 10th May that there was “no impact or compromise” to customer, production and corporate environments.
An independent third-party incident response firm continues to work on forensic analysis of the quarantined test environment.
The alleged breach, even if ultimately proved to be contained to a test environment, raises concerns for Zscaler's reputation as a leading cybersecurity provider.
IntelBroker had also claimed to have hacked Hewlett Packard Enterprise in February, which the company also initially denied before later admitting that a test environment was breached.
Cyber Magazine is a BizClik brand