In the News: Top Stories in Cyber Security+
The MoveIT Breach
MOVEit' reported a significant data breach last month affecting over 100,000 individuals. The hacker group CL0p exploited a vulnerability in MOVEit, a widely-used file-transfer software. The breach, recognized as a supply chain attack, affected hundreds of organizations worldwide, including government agencies, private businesses, and major pension funds. Prominent victims include the U.S. Department of Energy, Ernst & Young, British Airways, and pensioners in Tennessee and California. CL0p now threatens to leak the stolen data online unless a ransom is paid. Progress Software has since released a patch to address the MOVEit vulnerability.
This event reflects a trend in the cybersecurity landscape where attackers target supply chain vulnerabilities. It underlines the need for prioritizing vulnerability mitigation. Notably, Fortra uncovered a similar incident involving GoAnywhere MFT, a managed file transfer solution, in a zero-day supply chain attack in January 2023. Additionally, the Accellion data breach in December 2020 targeted secure file-transfer software, which was a supply chain attack but bot a not a zero-day attack.
These events suggest that ransomware operators are refining their strategies, targeting resources with a high probability of containing sensitive data. They are also simultaneously exploiting a single vulnerability against thousands of organizations.
Back to Top
|