SecureWorld News

MOVEit Victims Continue to Pile up as Shell Confirms Breach

Written by Drew Todd | Fri | Jul 7, 2023 | 8:44 PM Z

Raise your hand if your organization uses MOVEit Transfer and has confirmed it's been impacted by the widespread security vulnerability!

If your hand is still down, it's either because they haven't publicly confirmed it or your organization has some of the tightest security protocols out there. If it's the latter, you should be very proud to work for an organization that is a well-oiled security machine.

Speaking of oil, Shell, one of the world's leading energy companies, recently acknowledged that a security incident related to the MOVEit vulnerability has impacted the personal information of its 86,000 employees. The company said in a short statement:

"A cyber security incident that has impacted a third-party software from Progress called MOVEit Transfer, which was running on a Shell IT platform. MOVEit Transfer is used by a small number of Shell employees and customers. This was not a ransomware event. There is no evidence of impact to any other Shell IT systems. Our IT teams are investigating.

Some personal information relating to employees of the BG Group has been accessed without authorisation."

While the exact extent of the breach remains undisclosed, Shell's statement indicates that the tool was used by a limited number of employees and customers. 

If you are an employee of Shell and are shocked or disappointed in this breach, don't feel too bad, because you are now in the same boat as  millions of others.

Brett Callow, a threat analyst at Emsisoft, has highlighted the widespread impact of the MOVEit vulnerability, indicating that more than 214 organizations have been affected, with at least 33 data breach disclosures, compromising the personal information of more than 17.5 million individuals. 

Callow shared the following information on Twitter:

We'll have to wait and see on Monday if these claims from the CL0P cybercrime group turn out to be true.

Surprisingly, this is not the first time Shell has encountered the notorious gang. In 2020, CL0P targeted Accellion's file transfer service users, breaching Shell's systems and gaining access to personal and corporate data. The recurrence of a cyberattack involving the same ransomware group raises concerns about the effectiveness of preventive measures and the need for robust security protocols.

Stephen Gates, Principal Security SME at Horizon3.ai, discussed the MOVEit vulnerability with SecureWorld News:

"The MOVEit debacle, and associate breaches now impacting 17.5+ million people (and counting), will likely go down in history as proof that organizations must do a better job of immediately applying patches when they are available. When organizations wait to apply patches means the window of opportunity is wide open for attackers.

Although multiple patches have been available to address CVE-2023-36934, 36933, and 36932, the Clop ransomware group is still making claims that it has compromised data from many organizations. The conclusion one can draw from this is that many organizations have not applied the patches."

As the fallout from the MOVEit exploit continues to unfold, collaboration between industry, government, and law enforcement becomes vital in mitigating the risks posed by cyber threats.

Follow SecureWorld News for more stories related to cybersecurity.