Wolters Kluwer was warned on May 3 by Brian Krebs, an author who writes extensively about computer security, about possible security problems with its software. In a post on Krebs on Security, Krebs admitted he had no information that the problems he reported had  anything to do with the outages that have affected  CCH products and services since May 6. 

And whether or not the WK operations were hit by the Mega Cortex ransomware virus as some specuate, the outage comes at a time that malware has been reported as hitting large corporations around the world in the last few days. 

The three-day outage has stymied CCH users who found themselves unable to do business. Some users say that CCH software, support and phones were down or that the company phones were not being answered. They have been venting their anger at Wolters Kluwer with theories about the situation being kicked around on social media. Most are complaining about what they see as inadequate information from WK.

The situation appears to be in flux. WK reported that on the morning of May it determined it had experienced a malware attack and proceeded to take platforms, software and services off line to prevent its spread and that it was bringing systems back up selectively.

A statement on 1:45 pm May 8 by the company said the CCH Axcess system was back up. Among services not available were efiling while email was performing more slowly than normal. Some articles and news were not accessible via links and new users also could not be set up within CCH Axcess. An updated statement on the website of the parent Wolters Kluwer said the company was bringing its support centers back on line.

However, user reports say Axcess went back down.

Whatever the cause of the outages, Krebs said he asked a friend on May 3 to relay information to a security contact at CCH about his concerns about its software. “The message was that the same file directories containing new versions of CCH’s software were open and writable by any anonymous user, and that there were suspicious files in those directories indicating some user(s) abused that access,” Krebs wrote.

A Reddit report from supposedly with CCH said the presence of Mega Cortex had been confirmed. Although both the account and message were deleted, it has been reposted on Reddit by another user.

Krebs' post did not touch on the possibility of the attack being caused by ransomware. He did cite what he saw as troubling problems in the software. He said he saw odd PHP and text files in CCH directories “including one that seemed to be promoting two different and unrelated Russian language discussion forums.” He also said, “I sent Wolters Kluwer an email asking how long the file server had been so promiscuous (allowing anyone to upload files to the server), and what the company was doing to validate the integrity of the software made available for download by CCH tax customers"

Bob Scott
Bob Scott has provided information to the tax and accounting community since 1991, first as technology editor of Accounting Today, and from 1997 through 2009 as editor of its sister publication, Accounting Technology. He is known throughout the industry for his depth of knowledge and for his high journalistic standards.  Scott has made frequent appearances as a speaker, moderator and panelist and events serving tax and accounting professionals. He  has a strong background in computer journalism as an editor with two former trade publications, Computer+Software News and MIS Week and spent several years with weekly and daily newspapers in Morris County New Jersey prior to that.  A graduate of Indiana University with a degree in journalism, Bob is a native of Madison, Ind
Last modified on Thursday, 09 May 2019
Read 1775 times
Rate this item
(0 votes)

Visit other PMG Sites:

click me
PMG360 is committed to protecting the privacy of the personal data we collect from our subscribers/agents/customers/exhibitors and sponsors. On May 25th, the European's GDPR policy will be enforced. Nothing is changing about your current settings or how your information is processed, however, we have made a few changes. We have updated our Privacy Policy and Cookie Policy to make it easier for you to understand what information we collect, how and why we collect it.
Ok Decline