AvidXchange Gets Pwned For The Second Time This Year

U.S. payment software firm AvidXchange announced earlier this week that, for the second time this year, its cloud-based payment software has fallen victim to a ransomware attack, and the gang called RansomHouse has started publishing sensitive data.

The published compilation of login details suggests that AvidXchange uses easily guessable passwords built from iterations of the company’s name and the word “password” itself, and indicates that many of the logins may still be in use. Furthermore, the RansomHouse gang claims to target organizations with a negligent attitude towards privacy and security.

The sample of stolen data from a variety of company systems such as cloud accounts, security software, and even smart door locks and surveillance cameras includes:

  • Non-disclosure agreements 
  • Employee payroll information
  • Corporate bank account numbers
  • Login details 
  • Usernames 
  • Passwords
  • Answers to security questions

Unfortunately for AvidXchange, this comes just weeks after the company confirmed it was one of the victims of Fortra’s GoAnywhere mass-hack earlier this year.

Roy Akerman, Co-Founder & CEO, Rezonate, has this comment:

   “Compromised accounts, protected by weak passwords, serve as easy targets for attackers to breach. A beginner Whitehat pen-tester or a Blackhat attacker learns how to use a password cracker in minutes to brute force their way into an organization and, since not monitored, easily gains access without being noticed.

   “AvidXchange unfortunately has not taken sufficient steps since their recent breach to secure their most critical attack surface, which is identity and access. Going back to the basics is critical in these cases to make sure best practices and processes are built with a strong password policy, MFA, and complete visibility across your identity fabric to know who can do what, who is doing what, and pinpoint any malicious exploitation or anomalous behavior.”

Morten Gammelgard, EVP, EMEA, BullWall, followed up with this:

   “AvidXchange falling victim to a second ransomware attack highlights the importance of good password policies and a comprehensive security strategy. If, as reported, the attackers were able to easily guess passwords that were iterations of the company’s name and included the word ‘password’, that is unforgivable. The first rule of passwords is strong and complex passwords.

   “In addition to strong password policies, companies must have a robust security stack, backups, and a ransomware containment system in place. The publication of sensitive data stolen from a variety of AvidXchange’s systems emphasizes the need for securing not just IT systems, but also physical infrastructure such as smart locks and cameras. Regular testing of backup plans is also crucial to ensure their effectiveness. Cyber threats are constantly evolving and all organizations must be vigilant and proactive in securing their systems.”

Mark Bermingham, VP, Cyware, concludes with this:

   “Making sense of threat intelligence is a critical add for ensuring diligent security. Lessons ignored can become lessons learned and then applied through the security stack by automating the ingestion of relevant threat intel, enriching and correlating, and subsequently automating actioning based on insights gleaned from threat intel. Common tactics and techniques (TTPs) readily emerge from threat intel analysis that can prevent or significantly limit the effectiveness of subsequent attacks.”

Hopefully this is a wake-up call for AvidXchange, because if they don’t improve their defences they’ll end up like T-Mobile, who seem to be continually pwned by hackers.
