Here comes the latest cyber vulnerability raising concerns for businesses. It has to do with file transfer software called MOVEit Transfer. This tool enables companies to transfer files securely between computers internally, or over the internet. By exploiting a vulnerability in this software, hackers can gain unauthorized access to a machine through various means.
A week ago, a ransomware gang called Cl0p, associated with Russia, issued a warning to its victims, demanding a ransom within seven days. Failure to comply would result in the group exposing the stolen data online. The threat has further evolved, with a third variant of the virus emerging recently. Companies utilizing MOVEit Transfer should promptly visit this link for instructions on safeguarding their systems.
While the exploitation of this vulnerability gained significant traction in late May, evidence suggests that cybercriminals had been testing it as early as 2021. The critical flaw was first openly recognized by the cybersecurity company Huntress. Huntress, led by its CEO Kyle Hanslovan, excels at identifying newly exposed threats, providing valuable insights into the cybersecurity landscape.
Notable victims of this attack include:
The US Department of Energy, which confirmed unauthorized access to its data. Additionally, the hackers targeted the BBC, compromising the payroll information of over 100,000 staff members, as well as British Airways and the pharmacy chain Boots. Transport for London, responsible for operating the public transport system in the UK capital, also fell victim to the attack.
In the US, one of the larger victims is the Minnesota Education Department (MDE), which experienced unauthorized access to 24 files, compromising sensitive data of approximately 95,000 students who were placed in foster care. The stolen information includes names, birthdates, and county of placement. Additionally, a smaller group of students had their personal information exposed, including name, date of birth, address, parent name, high school and college transcript data, as well as the last four digits of their Social Security numbers.
An intriguing aspect of this attack is that the hackers refrained from extorting government agencies. Cl0p explicitly stated on their website that they had deleted all data belonging to government organizations, including cities and law enforcement agencies, and had no intention of exposing such information.