The tail of the MOVEit hack may be longer than we realize
July 18, 2023 – Published on SC Media
The total number of organizations compromised by the MOVEit hack remains a mystery.
The Cl0p extortion group, which exploited at least one of the vulnerabilities in Progress Software’s popular file transfer service, has been publishing a steady drip of what it claims are newly identified victims daily. So far, there are no signs that the pace of reported incidents is slowing since the breach was disclosed in May.
Cl0p has posted the names of hundreds of companies, state and local governments, universities and other organizations on its dark web leak site. Its threats include leaking the data of any alleged victim if payment demands are not met. Meanwhile, dozens of organizations have confirmed through media reports, public statements or regulatory disclosures that their data was indeed stolen.
That puts MOVEit in rarefied air as the most widespread file transfer hack recorded. But the daily stream of newly disclosed impacted companies has many security experts asking where the bottom is, and when Cl0p may finally exhaust its pool of companies to extort. Thus far, Cl0p is the only group that cybersecurity experts have seen exploiting one of the vulnerabilities, but Progress Software has announced a slew of similar SQL bugs in the past two months.
While awareness of software supply chain entanglement has risen among businesses and policymakers in recent years, security experts say hacks like MOVEit provide a stark reminder of how frequently organizations rely on and share data with third-party providers. That complex web of dependencies can result in organizations being exposed to a hack without even knowing it.
“Connections between systems have eased the ability to move data between organizations, but have certainly added complexity when it comes to application security and the consequences of a successful attack vector,” Kristen Bell, an application security expert at GuidePoint Security, told SC Media.
Bell notes that our information is now stored by banks, hospitals, doctors’ offices, local, state and federal agencies, among other sources. Being able to easily share data from master records has given us the ability to leverage master or single source data rather than having to duplicate it in multiple places. The flip side of that coin is that data is much harder to protect in transit than it is to protect at rest.