Unraveling the MOVEit Data Breach: More Than 554 Organizations & 37 Million Individuals Affected
2/8/2023
Cybersecurity breaches have sadly become an all-too-common occurrence in today's digital landscape, with organizations of all sizes and industries falling victim to cyberattacks.
The recent MOVEit theft-attack carried out by a notorious ransomware group has sent shockwaves through the cybersecurity community, exposing a rapidly expanding threat landscape. As of 1 August 2023, the number of known impacted organizations has surpassed 554 and the number of individual victims is at least 37 million.

The Scale Of Impact

According to Corvus research, the number of ransomware attacks increased by roughly 180% in June 2023 compared to the same month last year. This was fueled by the MOVEit transfer attack: nearly 20% of the alleged June victims were associated with the MOVEit breach. According to Clop's website, 206 organizations had been listed as of 26 July, and 2 in 5 of those victims have yet to publicly disclose that they have been compromised.

Affected organizations come from all over the world. As of 1 August, the U.S. had the most affected organizations with 398, followed by Germany with 35, Canada with 25, and the UK with 24. The most heavily impacted sectors are education and finance & professional services, which account for 23.8% and 22% of the total incidents respectively.

Many organizations have been impacted through their direct use of MOVEit, while others have been impacted through third-party vendors' use of MOVEit. At least 136 organizations that did not use MOVEit directly have been compromised through third-party vendors.

As Emsisoft reported, based on the figures released by affected organizations, at least 37 million individuals' personal details have been compromised and held to ransom. The actual number of individual victims is much higher than that, as only a fifth of the affected organizations have publicly released the total number of individuals whose personal information was exposed.

What Happened?
MOVEit is a file transfer platform used by thousands of organizations in both the private and public sectors globally, including governments, healthcare organizations, law firms, education service providers and financial institutions.

Around 29 May 2023, MOVEit was hacked by the Clop ransomware group using a zero-day vulnerability in Progress Software's MOVEit, and data was stolen from many organizations, the number of which is not yet confirmed.

On 31 May, Progress disclosed a zero-day vulnerability and issued a patch. By 5 June, the first wave of victims started to disclose breaches related to the MOVEit theft-attack, including the BBC, British Airways and the Nova Scotia government.

On 6 June, Clop published a statement on their dark web website claiming responsibility for the attack, and set a deadline (14 June) for victims to contact the group to begin negotiations. Although they stated that the data stolen from governments and police services had been deleted, the claim was proven to be inaccurate when Clop listed the UK's Office of Communications (Ofcom) and Ireland's Commission for Communications Regulation (Comreg) on their website.

Since then, the number of disclosures from organizations affected by this attack has continued to increase, and there is no sign of it stopping, with the Clop ransomware group continuing to name more alleged victims on their website.

What Victims Have To Beware Of

Given the large amount of data that Clop possesses, individuals and organizations need to be on guard against phishing attacks and business email compromise (BEC) attacks. Some of the best practices against phishing are: being skeptical of unsolicited communications, being wary of impersonation tactics, thinking before you click, verifying website security, strengthening your passwords, always keeping software up to date, education, and using reliable security software.
For more information on the above best practices, see this article: Protect Yourself: Best Practices to Combat Phishing Attacks

For organizations, this highlights that they must be concerned not only with their own security, but also with the security of their third-party vendors. Affected organizations will definitely find this incident costly, as they need not only to provide remediation, but also to provide credit monitoring to the affected individuals and to account for lawsuits.

Countering the Threat: A Proactive Cyber Defense

This MOVEit mass theft-attack serves as a wake-up call for organizations to reassess their cybersecurity posture and strengthen their defenses against cyber threats. To effectively combat such sophisticated attacks, businesses must adopt a proactive approach centered around cyber resilience:
Takeaway

The MOVEit theft-attack underscores the ever-present and evolving threat landscape that businesses face in the digital age. With the number of impacted organizations soaring beyond 516 and the devastating impact this has on individual victims, it is imperative that organizations remain vigilant and proactive in defending against ransomware attacks.

By adopting robust security practices, staying informed, regularly backing up critical data, collaborating with experts, and regularly updating all software and systems, organizations can shield themselves from the ominous ransomware spree and ensure a secure and promising digital future.

To emphasize, fostering a proactive and resilient approach to thwart cyber extortion attempts is of paramount importance. Through these approaches, we can safeguard our organizations from the relentless attacks of cybercriminals.

Securing Your Organization With TAFA

In the current cyber environment, organizations are facing increasingly sophisticated cyber threats such as the MOVEit theft-attack. To protect against these threats, it is necessary to utilize cybersecurity solutions that can prevent zero-day and advanced cyber threats, and help ensure regulatory compliance.

With our prevention-first and zero-trust approach to security using Machine Learning (ML) and Artificial Intelligence (AI), TAFA Shield will strengthen your company's ability to prevent and block cyber attacks and threats. Not only do we protect your endpoints, but we also proactively detect and respond to cyber threats, provide managed SOC services to further improve your security posture, and provide professional cybersecurity services that deliver guidance, support and expertise in designing, implementing and managing cybersecurity solutions tailored to your specific needs.
Furthermore, with our comprehensive customized vulnerability assessment and penetration testing (VAPT) service, we not only ensure the safety and security of your organization's operations and data, but also ensure that you meet the required industry and regulatory compliance standards.

To learn more about TAFA Shield and our VAPT service, and how we can help your company, do not hesitate to contact us.
© 2021, TAFA HOLDINGS (S) PTE LTD. ALL RIGHTS RESERVED