NetSPI EMEA Senior Security Consultant Tyler Sullivan comments on the MOVEit CVE in Enterprise Security Tech. Read the preview below or find the full article at https://www.enterprisesecuritytech.com/post/us-government-agencies-amongst-victims-of-global-cyberattack-exploiting-software-vulnerability.

+++

While the Russian-speaking hackers were the first to exploit the vulnerability, experts warn that other groups may now possess the exploit code needed to conduct similar attacks. The CLOP group initially set a deadline for victims to contact them about ransom payments, then began listing additional alleged victims on its dark web extortion site. As of the latest update, however, no US federal agencies were listed, and the group stated that it had erased all government data and had no intention of exposing it.

The CLOP ransomware group is part of a larger collection of gangs primarily based in Eastern Europe and Russia, notorious for their focus on extracting significant sums of money from their victims.

This latest cyberattack highlights the extensive impact a single software vulnerability can have when exploited by skilled criminals. The hackers, a well-known group that emerged in 2019, began exploiting a new flaw in MOVEit, widely used file-transfer software, in late May. Their approach appeared opportunistic: they targeted as many vulnerable organizations as possible, leaving each of them open to extortion.

Progress Software, the US company that makes MOVEit, has advised affected customers to apply the updated software packages and has issued security recommendations to mitigate the risk.

Tyler Sullivan, Senior Security Consultant at NetSPI, offered his view on how a shift in security strategy could help thwart this type of threat in the future:

“To slow third-party software vendor-based attacks, a paradigm shift is required, from standard perimeter-based networks to a Zero Trust architecture. Additionally, it’s critical for organizations to minimize the attack surface and reliance on the supply chain – this means decreasing the amount of third parties used and regularly auditing them for any security gaps.

There is not a single responsible party for the supply chain; it's down to the vendors, the repositories, the software consumers and the developers. The second half of 2023 should be when we see meaningful progress by all parties involved to control the supply chain and ensure it can be used in a secure way.”

You can read the full article at https://www.enterprisesecuritytech.com/post/us-government-agencies-amongst-victims-of-global-cyberattack-exploiting-software-vulnerability.