Following a recent cyber attack on the MOVEit software, orchestrated by the Russian criminal gang Clop, security experts are now warning that there are likely many more victims than initially thought. Clop has taken a new approach by demanding money or leaking information instead of using ransomware. The gang has posted a threat on the Dark Web, urging affected victims to negotiate by June 14th or risk their private data being leaked online.

The Government of Nova Scotia in Canada and the University of Rochester in New York have confirmed that they, too, have fallen victim to the MOVEit cyber attack, becoming the first organizations in North America to be affected. In addition, several other British firms are believed to have been targeted by this attack, signaling a broader impact.

The cyber attack exploited a zero-day vulnerability in the MOVEit software, which was being used by various companies to store confidential corporate information in the cloud. Rick Holland, Chief Information Security Officer at ReliaQuest, warns that any company using the MOVEit software should assume that they may have been breached. Current research suggests that there are over 1,000 servers worldwide running unpatched versions of the software, leaving them vulnerable to attacks.

The consequences of the cyber attack are still unfolding, and cybersecurity researchers emphasize that the issue extends beyond the initial scope. Clop, which has a history of targeting large organizations, now possesses a significant amount of stolen information. While negotiations are likely underway with affected companies such as the BBC, British Airways, Boots, and Aer Lingus, the exact number of victims and the extent of data compromised are yet to be determined.

One concerning aspect is that companies may struggle to detect whether Clop has accessed their systems, even after patching the Microsoft Server flaws and securing their MOVEit software. Enterprises are urged to review server logs for the past 90 days to identify potential breaches, but many companies only retain logs for 30 days, limiting their ability to detect unauthorized access.

The nature of Clop’s operations involves extorting companies by threatening to expose their confidential data unless a payment is made. While it’s still unclear how many companies have engaged in negotiations with the gang, Clop’s website on the Dark Web is used to upload data dumps from breached organizations.

Employees affected by the data breach should seek further details on the leaked information from their respective companies. British Airways, for example, has provided affected employees with access to a specialist service to detect possible misuse of personal information and provide identity monitoring support.

The cyber attack serves as a stark reminder of the ever-present threat of cybercrime and the need for robust security measures. Patching vulnerabilities, maintaining abundant logging, and implementing security monitoring are crucial steps to mitigate risks. It is essential for organizations to prioritize data protection, remain vigilant against emerging threats, and continually update security protocols.

As the investigation into the MOVEit cyber attack continues, affected companies must work closely with cybersecurity experts, law enforcement agencies, and regulatory bodies to address the breach, minimize its impact, and prevent future incidents. Ongoing communication and transparency with stakeholders are paramount to restore trust and ensure timely notification to affected parties.

Overall, the Clop cyber attack highlights the urgency for organizations to bolster their cyber defenses, prioritize data security, and remain vigilant against evolving threats in an increasingly interconnected world.
October 20, 2023