As I reported here yesterday, Wolters Kluwer was forced to take a number of its platforms and applications offline after discovering malware in its systems.
Since then, the company has been able to restore services to a number of applications and platforms, a spokesperson told me. However, while it is making progress, several services remain offline, including its legal research platform Cheetah.
Cybersecurity expert Brian Krebs, at his blog Krebs on Security, writes that he attempted to notify WK on Friday that WK file directories containing new versions of software for its CCH products “were open and writable by any anonymous user, and that there were suspicious files in those directories indicating some user(s) abused that access.”
Shortly after he sent that note, WK began taking file directories for CCH tax software offline. “As of this publication,” he wrote yesterday, “several readers have reported outages affecting multiple CCH Web sites.”
One of the systems that was taken down was CCH Axcess, a platform for tax and accounting professionals. As of around 2 p.m. Eastern time today, that system was back up and running, but with some performance issues, according to reports posted on Reddit.
Reports on the Reddit thread said that Axcess was not affected by the malware but was taken offline as a precaution. That appears consistent with the statement issued yesterday by WK:
On Monday May 6, we started seeing technical anomalies in a number of our platforms and applications. We immediately started investigating and discovered the installation of malware. As a precaution, in parallel, we decided to take a broader range of platforms and applications offline. With this action, we aimed to quickly limit the impact this malware could have had, giving us the opportunity to investigate the issue with assistance from third-party forensics consultants and work on a solution. Unfortunately, this impacted our communication channels and limited our ability to share updates. On May 7, we were able to restore service to a number of applications and platforms.
We regret any inconvenience and that we were unable to share more information initially, as our focus was on investigation and restoring services as quickly as possible for our customers.
We have seen no evidence that customer data was taken or that there was a breach of confidentiality of that data. Also, there is no reason to believe that our customers have been infected through our platforms and applications. Our investigation is ongoing. We want to apologize for any inconvenience this may have caused.
If I learn anything more, I’ll post it when I do.