Analysis-MOVEit hack spawned around 600 breaches but isn't done yet - cyber analysts


WASHINGTON/SAN FRANCISCO (Reuters) - A hydra-headed hack of a single U.S. software maker has compromised data at about 600 organizations worldwide, according to tallies from cyber analysts confirmed by Reuters.

But more than two months after the breach was first disclosed by Massachusetts-based Progress Software, the procession of victims has barely slowed. Tallies show that nearly 40 million people have been affected so far by the hack of Progress's MOVEit Transfer file management software. Now the digital extortionists involved, a group called "cl0p", are becoming increasingly aggressive about dumping the stolen data into the public domain.

"We're just in the very, very early stages," said Marc Bleicher, chief technology officer for incident response at Surefire Cyber. "I think we're going to start seeing real impact and fallout down the road."

MOVEit is used by organizations to send large amounts of often sensitive data: pension information, social security numbers, medical records, billing information and the like. Because many of these organizations handled data on behalf of others, who in turn obtained data from third parties, the hack spiraled outward, sometimes in convoluted ways.

For example, when cl0p subverted the MOVEit software used by a company called Pension Benefit Information, which specializes in locating surviving family members of pension fund holders, it gained access to data from the New York-based Teachers Insurance and Annuity Association of America, which in turn administers pension programs for 15,000 institutional clients, many of whom have spent the past few weeks informing staff of their exposure.

"There is a ripple effect," said John Hammond of Huntress Security, one of the first researchers to begin tracking the breach.

Hacks by groups like cl0p occur with mind-numbing regularity. But the sheer variety of victims of the MOVEit compromise, from New York public school students to Louisiana drivers to California retirees, made it one of the most visible examples of how a single flaw in an obscure piece of software can trigger a global privacy disaster.

Christopher Budd, a cybersecurity expert at UK firm Sophos, said the breach was a reminder of how dependent organizations are on each other's digital defences.

Progress said it had fallen victim to an "advanced and persistent cybercriminal group" and that it was focused on supporting its customers.

Progress first learned of the compromise the following day, when a customer alerted the firm to the anomalous activity, these sources said. On May 30, the company sent out a warning and the following day released a "patch," or fix, that partially thwarted the hackers' campaign.

"Many organizations were actually able to deploy the patch before it could be exploited," said Eric Goldstein, a senior official at the US Cybersecurity and Infrastructure Security Agency.

Not all organizations were so lucky. Details on the amount of material stolen or the number of organizations affected are not publicly available, but Nathan Little, whose firm Tetra Defense has responded to dozens of MOVEit-related incidents, estimates that the breach likely affected thousands of companies.

"We may never know the exact detailed number," he said.

Some analysts have tried to keep count. By Sunday, cybersecurity firm Emsisoft had tallied 597 victims with 39.7 million people affected. German IT specialist Bert Kondruss came up with similar numbers, which Reuters confirmed by cross-checking against public statements, company filings and cl0p posts.

Educational organizations – colleges, universities and even New York City Public Schools – accounted for a quarter of the victims, with Emsisoft and Kondruss counting more than 100 in the US alone.

The exposure went beyond academia.

Drive a car? Between them, the Louisiana and Oregon departments of motor vehicles found that approximately 9 million records were compromised. Retired? Pension management organizations such as the California Public Employees' Retirement System and T. Rowe Price were breached through Pension Benefit Information. The breach at US government contractor Maximus alone resulted in the compromise of between 8 and 11 million people's records.

Silver lining? Hackers may have taken in too much data to release.

Alexander Urbelis, senior counsel at New York law firm Crowell & Moring, which has helped victims gauge whether they have been caught in the hackers' dragnet, said the extraordinarily slow download speeds from the hackers' dark web site made it "all but impossible for anyone" - well-intentioned or otherwise - "to access stolen data."

Goldstein, the US official, said that in "many cases" the data had not yet been leaked.

Cl0p, which did not respond to Reuters messages, appears to be trying to up its game. Late last month, it created a website specifically designed to better disseminate the stolen data. Earlier this week, it began sharing data through peer-to-peer networks.

That's bad news for victims, Surefire's Bleicher said. "Once that data starts to slowly leak out, more will emerge underground," he said. The impact of the breach, in turn, "is likely to be much greater than we think it is now."

The digital landscape has seen an alarming rise in cyber threats, and one recent incident has made waves: the MOVEit hack. The breach sent shockwaves through the cybersecurity community, causing nearly 600 breaches and continuing to pose significant threats. In this article, we look at the MOVEit hack, its implications, and the ongoing cyber threats it generated, as highlighted by cyber analysts.

MOVEit Hack: Synopsis

The MOVEit hack, a high-profile cyber attack, targeted the widely used file transfer software MOVEit, developed by Progress Software Corporation. The breach exploited vulnerabilities in the software and allowed malicious actors to gain unauthorized access to sensitive and confidential data.

Spawned Breaches: The Numerical Impact

One of the most disturbing aspects of the MOVEit hack is the sheer number of breaches it caused. According to cyber analysts, nearly 600 reported breaches were attributed to exploitation of the MOVEit vulnerability. This staggering number underscores the severity of the hack and its far-reaching implications.

Anatomy of Exploited Vulnerabilities

To understand the scope of the MOVEit hack, it is essential to understand the vulnerabilities that were exploited. Cyber analysts found flaws in the software's encryption protocols, authentication and access control mechanisms. Malicious actors exploited these vulnerabilities to infiltrate systems, exfiltrate sensitive data, and compromise the integrity of many organizations.

A landscape of ongoing threats

While the initial breach occurred some time ago, the effects of the MOVEit hack continue to reverberate. Cybersecurity experts warn that the initial breach served as a springboard for various threat actors to develop and deploy new attack vectors. The cyber landscape remains vulnerable as these attackers continue to refine their techniques and use stolen data to target more victims.

Dynamic Tactics: Cyber analysts note that attackers have shown remarkable adaptability, adjusting their tactics in response to the evolving security measures implemented by organizations.

Increased Phishing Campaigns: In the wake of the MOVEit breach, phishing campaigns have increased. Attackers use stolen data to craft convincing emails and messages designed to trick recipients into divulging sensitive information or downloading malicious content.

Supply Chain Vulnerabilities: The MOVEit hack exposed vulnerabilities in software supply chains. Analysts emphasize the need for strict measures to evaluate and secure third-party software solutions to prevent similar incidents in the future.

Zero Trust Architecture: Cyber analysts recommend implementing a zero trust architecture to mitigate the risks posed by persistent threats. This approach involves authenticating every user and device that attempts to access resources, regardless of their location or network.

The MOVEit hack serves as a stark reminder of the ever-evolving nature of cyber threats and the urgent need for robust cybersecurity measures. With approximately 600 breaches and an ongoing threat landscape, organizations must remain vigilant and proactive in protecting their systems and data. By drawing on the insights of cyber analysts and adopting advanced security practices, businesses can strengthen their defenses against the relentless wave of cyber attacks triggered by incidents like the MOVEit hack.
