Skip to main content
Announcements
Accelerate Your Success: Fuel your data and AI journey with the right services, delivered by our experts. Learn More
cancel
Showing results for 
Search instead for 
Did you mean: 
danrdz
Contributor II
Contributor II

Automatic Task Created Without Consent

Hello Qlik Community,

I am reaching out for assistance or clarification regarding an unexpected incident within our system. On January 16th, a new automated task was created in our Qlik Sense setup without the knowledge or consent of myself or my team.

This task appeared out of the blue in our logs and seems to be related to an update or gathering of user information. We are concerned since there were no scheduled changes nor were there any new tasks authorized for that date, and we have no records of any team member setting this up.

Could anyone provide insight into how this task could have been generated autonomously? Is it possible that it is part of a Qlik Sense update or an internal process that we are not fully aware of? Any guidance on how to investigate and prevent such incidents in the future would be immensely helpful.

Thank you in advance for your time and responses.

Labels (2)
1 Solution

Accepted Solutions
vinieme12
Champion III
Champion III

https://arcticwolf.com/resources/blog/qlik-sense-exploited-in-cactus-ransomware-campaign/

https://community.qlik.com/t5/Security-Governance/quot-Qlik-Sense-Exploited-in-Cactus-Ransomware-Cam...

Refer above URL for more info

Is your Qliksense environment available over the internet for remote usage ? It would be best to disable internet ports on the server

Vineeth Pujari
If a post helps to resolve your issue, please accept it as a Solution.

View solution in original post

4 Replies
John_Sathya
Support
Support

Hello @danrdz ,

Usually, these tasks are not auto-generated. Are you using any API to trigger tasks?

Its good to check if any team member has created this task.

danrdz
Contributor II
Contributor II
Author

Hello,

Thank you for your prompt reply. To clarify, we have not utilized any API to program tasks within our system. After thorough verification, we can confirm that no team member has created this task either.

Considering this task was generated without our initiation, and assuming it is not a feature of Qlik's automatic processes, what steps would you recommend we take to secure our data and prevent unauthorized tasks from being created? Any best practices or security measures that we should look into would be greatly appreciated.

Looking forward to your guidance.

Best regards,

vinieme12
Champion III
Champion III

https://arcticwolf.com/resources/blog/qlik-sense-exploited-in-cactus-ransomware-campaign/

https://community.qlik.com/t5/Security-Governance/quot-Qlik-Sense-Exploited-in-Cactus-Ransomware-Cam...

Refer above URL for more info

Is your Qliksense environment available over the internet for remote usage ? It would be best to disable internet ports on the server

Vineeth Pujari
If a post helps to resolve your issue, please accept it as a Solution.
danrdz
Contributor II
Contributor II
Author

I am truly grateful for the information you've provided. I have alerted our security team to conduct a thorough review of the situation. We are treating this matter with the utmost seriousness and are ensuring that we follow every recommended step to mitigate any potential vulnerabilities.

Nevertheless, we will verify the port configurations to confirm that everything is properly secured and take the necessary steps to disable any unsafe internet access.

Your advice is invaluable and steers us towards the right path to strengthen our security measures.

Warm regards,