Hello Qlik Community,
I am reaching out for assistance or clarification regarding an unexpected incident within our system. On January 16th, a new automated task was created in our Qlik Sense setup without the knowledge or consent of myself or my team.
This task appeared out of the blue in our logs and seems to be related to an update or gathering of user information. We are concerned since there were no scheduled changes nor were there any new tasks authorized for that date, and we have no records of any team member setting this up.
Could anyone provide insight into how this task could have been generated autonomously? Is it possible that it is part of a Qlik Sense update or an internal process that we are not fully aware of? Any guidance on how to investigate and prevent such incidents in the future would be immensely helpful.
Thank you in advance for your time and responses.
https://arcticwolf.com/resources/blog/qlik-sense-exploited-in-cactus-ransomware-campaign/
Refer to the URL above for more info.
Is your Qlik Sense environment available over the internet for remote usage? It would be best to disable internet ports on the server.
Hello @danrdz,
Usually, these tasks are not auto-generated. Are you using any API to trigger tasks?
It's good to check if any team member has created this task.
Hello,
Thank you for your prompt reply. To clarify, we have not utilized any API to program tasks within our system. After thorough verification, we can confirm that no team member has created this task either.
Considering this task was generated without our initiation, and assuming it is not a feature of Qlik's automatic processes, what steps would you recommend we take to secure our data and prevent unauthorized tasks from being created? Any best practices or security measures that we should look into would be greatly appreciated.
Looking forward to your guidance.
Best regards,
I am truly grateful for the information you've provided. I have alerted our security team to conduct a thorough review of the situation. We are treating this matter with the utmost seriousness and are ensuring that we follow every recommended step to mitigate any potential vulnerabilities.
Nevertheless, we will verify the port configurations to confirm that everything is properly secured and take the necessary steps to disable any unsafe internet access.
Your advice is invaluable and steers us towards the right path to strengthen our security measures.
Warm regards,