The extensive fallout of the MOVEit Hack, has a lingering effect as the total number of compromised organizations are still yet uncertain; curating the data.
A Group which is known as the CI0p extortion group that exploited at least one of the discovered vulnerabilities found in the file transfer service in the Progress Software, has made the news lately as a steady occurrence of what is ascertained as newly identified victims curated daily, and with no sign of slowing down, since the month of May 2023, it was discovered.
The group which posted data comprising of hundreds of companies, state and local governments, universities, and other organization on its dark web leak site, threatened to leak data of the alleged victims, if their financial demands are not met.
It also noted, that more than a dozen organization, have reportedly confirmed through media outlets, and other regulatory disclosures that their data were compromised.
The CI0p ransom group took credit to be responsible for exploiting a weakness discovered in MOVEit Transfer in the month of May. The file transfer application was developed by Progress Software and is said to be used by thousands of organizations globally. It is said that the groups have steadily leaked data belonging to organizations who refused to comply with their ransom demands.
The recent rave puts the hack as one of the most widespread file transfers recorded in history. The organization daily disclosure of impacted companies, gives security expert the urge to ask more questions; when will the group exhaust a list of their victims. This has made it the only group, discovered by cybersecurity experts to be exploiting one of the vulnerabilities. However, Progress software has made a public announcement of a list of similar SQL Bugs in the past two months.
According to SC Media, a Senior Cybersecurity expert at Huntress by the name John Hammond Stated:
“CI0p certainly knows how to drag out the news cycle. The MOVEit Transfer exploitation still seems to be an incident that never dies. Between the Initial infection, the following vulnerabilities that we at Huntress discovered…and of course CI0p’s continued leaking of company data, this has continued for over a month and half now.”
HUNDRED OF ORGANIZATION AFFECTED BY THE MOVEit Breach:
It is confirmed that hundreds of organizations in tune of 370, where affected by this breach. Most interaction on the impact of the hack, has focused on the immediate Progress software’s customers or establishments, that purchased the file transfer services.
Cybersecurity organizations, and companies that investigate software supply chain vulnerabilities believe the potential exposure could go beyond the group.
A researcher at Emsisoft, which has been trailing the lowest level of the impact, keeps watch on every information posted by CI0p website and other public resources. The new record shows that the affected organization is estimated to be 369 in number, and over 93 organizations have been compromised via a third, fourth or even fifth party supplier of the software.
Even thou the impact might not be as an outcome of only those who use the MOVEit File transfer Software, but also by inevitable circumstances, that has become the norm; which organizations send files or data to third-party provider who use the software.
Most organization who was victim of the compromised certainly were not users of the service, but as a result of their business interaction with organizations that do. Companies like Exiger a supply chain risk management; carters for government agencies, banks and a list of organizations, has consistently try to structure the new move of the MOVEit vulnerability disclosure.
The company that scrapes data across the internet, do not only capture companies who purchased the software directly, utilize it, but also those who are in contract and use third party services that utilize the software as well. Other companies like Carahsoft who include the MOVEit in their companies Job requirements, posted in Job search site; requesting candidate with the software experience to apply for the Job.
Information discussed with SC Media, by vice president of cyber risk at Exiger, describes over 73,000 entities were in some type of relationship with MOVEit that certainly expose their data to theft in the Hack.
Although Exiger is not claiming that all the entities were compromised or had their data exposed. The statistics by the organization is to show on a large scale the organizations that could be affected by the vulnerability associated with MOVEit either through the software supply chain or indirectly.
Other organizations whose customers where affected include Zellis, a UK-Based payroll provider, the BBC, Boots, British Airways and Aer Lingus. Zellis reported in June that at least eight of their customers where affected, and Zellis comprising of over 50 organizations who are their customers also affected.
Also, National Student Clearinghouse who partner with over 3,500 schools across the country were also affected.
Vulnerable Organization Exposed: Ensnared in a Complex Web of Dependencies:
The awareness of software supply chain relationships is common amongst businesses and policy makers over the years. Security experts reports that hacks like MOVEit gives an insight on how organizations are dependent on and transfer files with third-party providers.
The internet as a complex world, result into hack taking place with the affected organization knowing about it. Users’ details and personal information’s being stored by financial institutions, healthcare facilities, government agencies, and other institutionalize system, makes it easy for data sharing from an origin master source. However, the down side is that data in motion (transit), is harder to protect, compared to data at rest, and it is inevitable that issues of such hack, will continuously emerge, and the means to protect it easily might be difficult to or not even achievable to protect with regards to the use of third-party software.
Please do let us know in the comment section what are your thoughts about this.