The MOVEit mass hacks will likely go down in history as one of the largest and most successful cyberattacks of all time.
By exploiting a vulnerability in Progress Software’s MOVEit managed file transfer service, used by thousands of organizations to securely transfer large amounts of often-sensitive files, hackers were able to inject SQL commands and access customers’ sensitive data. The attack exploited a zero-day vulnerability, which meant Progress was unaware of the flaw and did not have time to patch it in time, leaving its customers largely defenseless.
The Russia-linked Clop ransomware group, which claimed responsibility for the hacks, has been publicly listing alleged victims since June 14. This growing list includes banks, hospitals, hotels, energy giants and more, and is part of an attempt to pressure victims into paying a ransom demand to stop their data from spilling online. In a post this week, Clop said that on August 15, it would leak the “secrets and data” of all MOVEit victims that refused to negotiate.
This wasn’t Clop’s first mass hack, either; the group has been blamed for similar hacks targeting Fortra and Acellion’s file-transfer tools.
According to Emsisoft’s latest statistics, the MOVEit hack has affected at least 620 known corporates and more than 40 million individuals. Those figures have increased almost daily since the hacks began.
But how high could the numbers go? “It’s impossible to assess at this point,” Brett Callow, a ransomware expert and threat analyst at Emsisoft, told TechCrunch+. “We don’t yet know how many organizations were impacted or what data was compromised.”
Callow pointed out that around a third of the known victims were impacted via third parties, and others were compromised via subcontractors, contractors or vendors. “This complexity means it’s highly likely that some organizations that have been impacted don’t yet know they’ve been impacted,” he said.
While the impact of this hack is unusual because of its scale, the attack isn’t new in terms of its approach. Adversaries have long exploited zero-day flaws, and supply chain attacks have grown prevalent in recent years because one exploit can potentially affect hundreds, if not thousands, of customers.
This means that organizations need to act now to ensure they don’t fall victim to the next mass hack.
Picking up the pieces
For victims of the hacks, it may seem like the damage has already been done and recovery is impossible. But while recovering from an incident like this can take months or years, affected organizations need to act fast to understand not only what types of data were compromised, but also their potential violations of compliance standards or data privacy laws.
Originally published at techcrunch.com