Article content continued
The spokesperson was mum when asked to confirm if the attack was ransomware, that files had been copied, whether the information affected was corporate or personal, and, if personal, did it involve current and former employees.
In its most recent quarterly financial statement for the period ending September 30, 2020, Colliers said it had a net income of just under $32 million on revenues of just over US$692 million. According to its 2019 financial results at the beginning of last year, it had about 15,000 employees.
Colliers performs a number of services for real estate firms including property management, sales and appraisals as well as tenant representation.
The Netfilim website entry for Colliers has the headline “Part 1,” suggesting the two files it has posted proves the firm was compromised and could be followed by more trouble.
According to Brett Callow, a British Columbia-based threat researcher for Emsisoft, Nefilim was first noticed in the spring of last year and has since racked up a string of enterprise-space victims including Whirlpool, MAS Holdings, Luxottica and Australian logistics company Toll Group. “Unlike most other big game-hunting groups, Nefilim appears to be a closed shop rather than a ransomware-as-a-service provider, which may explain why the group is less active others,” he said in an email. “The group typically uses Microsoft RDP (remote desk protocol) and other public-facing applications for initial access of victims. Frequently, it also exploits unpatched versions of Citrix’s Application Delivery Controller going after CVE-2019-19781.”
