SecureWorld News

MOVEit Vulnerability Exposes Millions as List of Victims Grows

Written by Drew Todd | Thu | Jun 29, 2023 | 7:16 PM Z

The cybersecurity landscape is reeling from the aftermath of a widespread attack caused by a vulnerability in the popular file transfer tool, MOVEit Transfer. Hackers have taken advantage of this security flaw, launching a series of attacks that have impacted numerous organizations across various sectors, exposing the personal data of millions of individuals.

The MOVEit vulnerability attracted the attention of the notorious CL0P ransomware gang, which has been behind the recent wave of attacks. More than 140 known victim organizations have fallen prey to the CL0P data theft and extortion attempts, and the scale of the attacks continues to escalate.

While only 10 organizations have confirmed the number of affected individuals so far, the count has already exceeded 15.5 million people, according to TechCrunch.

CL0P cleans house with MOVEit vulnerability

Among the victims, approximately 3.5 million Oregon driver license holders and around six million Louisiana residents have been impacted. Other affected parties include members of the California Public Employees' Retirement System, clients of Genworth Finance, customers of Wilton Reassurance, beneficiaries of the Tennessee Consolidated Retirement System, and customers of Talcott Resolution.

Among the recent high-profile victims are major energy corporations Schneider Electric and Siemens Energy. Both companies have confirmed being targeted by the MOVEit breach, although the extent of the data compromised remains unclear. Siemens Energy has reassured that no critical data has been compromised and operations have not been affected, while Schneider Electric continues to investigate the incident.

Government entities have also suffered because of the vulnerability. Federal agencies, including the Department of Energy, have reported being affected by the MOVEit vulnerability. The U.S. Department of Health and Human Services (HHS) disclosed an incident involving the exposure of sensitive information for more than 100,000 individuals.

The education sector has not been spared, either. The National Student Clearinghouse, a non-profit organization collaborating with thousands of schools, found itself at the center of a potentially significant breach. Multiple universities, including the University of California, Los Angeles (UCLA), have also fallen victim to the attacks. It was also reported that 45,000 New York City public school students had their information exposed due to the vulnerability.

The scope of the breach extends beyond the United States, with victims in Europe and other parts of the world. CL0P has targeted banks, consultancy and legal firms, and energy giants, adding them to its growing list of victims.

Timothy Morris, Chief Security Advisor at Tanium, discussed the MOVEit breach with SecureWorld News:

"The number of victims of data thefts of using the MoveIT vulnerability aren't fully known. CL0P has used double-extortion attacks in the past by stealing and encrypting data, refusing to decrypt, and leaking or selling the exfiltrated data.

This is the trend with ransomware criminal gangs. Extortion is more lucrative than encryption-based ransomware alone. It is suspected that CL0P has already stolen lots of data from many victims, while encryption hasn't happened, how much data and from whom is still not been determined. They have used vulnerabilities in other file transfer software to plunder data."

The magnitude of this breach underscores the urgent need for organizations to prioritize cybersecurity measures and bolster their defenses against such vulnerabilities. Incident response plans, regular vulnerability assessments, and robust patch management practices are essential in mitigating risks posed by cyberattacks.

State Department offers $10M for info on CL0P ransomware

In response to these attacks, the U.S. State Department has offered a reward up to $10 million for information leading to the apprehension of the CL0P ransomware group as part of it Rewards for Justice program.

Craig Jones, Vice President of Security Operations at Ontinue, shared his thoughts on this decision:

"The State Department's recent decision to offer a $10 million bounty for information on the CL0P ransomware gang is a noteworthy step. The strategy reflects the significance of the threat posed by the CL0P gang, and it also indicates the government's determination to disrupt their operations.

In theory, a large bounty could incentivize insiders or other knowledgeable individuals to provide crucial information. This strategy could backfire in several ways. One potential downside is that it could inspire other cybercriminals who see the large bounty as an indication of how lucrative their activities can be.

It could also potentially legitimize ransomware gangs in the eyes of some, by treating them as entities worth negotiating with. Furthermore, there's always a risk that individuals might provide false information in an attempt to claim the bounty."

As the fallout from the MOVEit breach continues to unfold, it serves as a stark reminder that no organization is immune to cyber threats. Heightened vigilance, proactive security measures, and ongoing collaboration between industry, government, and law enforcement are crucial to staying a step ahead of the ever-evolving cyber threat landscape.

Follow SecureWorld News for more stories related to cybersecurity.