It’s time to move it and protect against the next mass hack
The MOVEit mass hacks will likely go down in history as one of the largest and most successful cyberattacks of all time. By exploiting a SQL injection vulnerability (tracked as CVE-2023-34362) in Progress Software's MOVEit Transfer managed file transfer product, used by thousands of organizations to move large volumes of often sensitive files, hackers were able to run their own SQL commands against the application's database and access customers' data. The flaw was a zero-day: Progress was unaware of it before it was exploited, so no patch existed when the attacks began, leaving customers largely defenseless.
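The class of flaw the lede describes, in miniature, as an added example that is not Progress's code, not MOVEit's schema and not the payload used against it: a constructed SQLite table of file metadata and a lookup written two ways. The hypothetical `list_files_vulnerable` splices the caller's value into the query text, so a crafted owner name returns every row or, with a UNION, rows from a table the query was never meant to touch; `list_files_safe` binds the value as a parameter and the same inputs return nothing.

```python
import sqlite3


# Constructed sample schema and rows for illustration only; this is not the
# MOVEit Transfer schema, and the queries below are not Progress's code.
def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE files (id INTEGER PRIMARY KEY, owner TEXT, name TEXT);
        INSERT INTO files (owner, name) VALUES
            ('alice', 'q2-payroll.xlsx'),
            ('bob',   'vendor-contract.pdf'),
            ('carol', 'public-notice.txt');
        CREATE TABLE users (username TEXT, api_key TEXT);
        INSERT INTO users VALUES ('svc-admin', 'key-0001'), ('bob', 'key-0002');
    """)
    return conn


def list_files_vulnerable(conn: sqlite3.Connection, owner: str) -> list:
    # BAD: the caller-controlled value becomes part of the SQL text, so a
    # quote inside it ends the string literal and the rest is parsed as SQL.
    sql = f"SELECT owner, name FROM files WHERE owner = '{owner}'"
    return conn.execute(sql).fetchall()


def list_files_safe(conn: sqlite3.Connection, owner: str) -> list:
    # GOOD: the statement is fixed; the value travels as a bound parameter
    # and can only ever be compared against the owner column.
    sql = "SELECT owner, name FROM files WHERE owner = ?"
    return conn.execute(sql, (owner,)).fetchall()


# Two hypothetical payloads: the first widens the WHERE clause to match every
# row; the second appends a UNION that pulls a different table's contents and
# comments out the original closing quote.
TAUTOLOGY = "x' OR '1'='1"
UNION_EXFIL = "x' UNION SELECT username, api_key FROM users --"


def demo() -> dict:
    conn = build_db()
    return {
        "honest_vulnerable": list_files_vulnerable(conn, "alice"),
        "tautology_vulnerable": list_files_vulnerable(conn, TAUTOLOGY),
        "union_vulnerable": sorted(list_files_vulnerable(conn, UNION_EXFIL)),
        "honest_safe": list_files_safe(conn, "alice"),
        "tautology_safe": list_files_safe(conn, TAUTOLOGY),
        "union_safe": list_files_safe(conn, UNION_EXFIL),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label:22s} -> {rows}")
```

The point of the UNION payload is that the attacker never needs a way to read the `users` table directly: any query that reflects its results back, here a file listing, becomes the channel. Parameterised queries close that channel because the database engine receives the statement and the value separately and never re-parses the value as SQL.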
The Russia-linked Clop ransomware group, which claimed responsibility for the hacks, has been publicly listing alleged victims since June 14. This growing list includes banks, hospitals, hotels, energy giants, and more, and is part of an attempt to pressure victims into paying a ransom demand to stop their data from spilling online. In a post this week, Clop said that on August 15, it would leak the “secrets and data” of all MOVEit victims that refused to negotiate.
This wasn’t Clop’s first mass hack, either; the group has been blamed for similar campaigns against Fortra’s GoAnywhere MFT and Accellion’s FTA file-transfer tools.
According to Emsisoft’s latest statistics, the MOVEit hack has affected at least 620 known corporates and more than 40 million individuals. Those figures have increased almost daily since the hacks began.
But how high could the numbers go? “It’s impossible to assess at this point,” Brett Callow, a ransomware expert and threat analyst at Emsisoft, told TechCrunch+. “We don’t yet know how many organizations were impacted or what data was compromised.”
Callow pointed out that around a third of the known victims were impacted via third parties, and others were compromised via subcontractors, contractors, or vendors. “This complexity means it’s highly likely that some organizations that have been impacted don’t yet know they’ve been impacted,” he said.
While the impact of this hack is unusual because of its scale, the attack isn’t new in terms of its approach. Adversaries have long exploited zero-day flaws, and supply chain attacks have grown prevalent in recent years because one exploit can potentially affect hundreds, if not thousands, of customers.
This means that organizations need to act now to ensure they don’t fall victim to the next mass hack.
Picking up the pieces
For victims of the hacks, it may seem like the damage has already been done and recovery is impossible. Recovering from an incident like this can take months or years, but affected organizations still need to act fast, not only to establish what types of data were taken, but also to work out which data privacy laws and compliance standards the breach triggers, many of which set notification deadlines.
The first step in picking up the pieces is a thorough investigation into the extent of the breach: which systems and networks were compromised, and what data was accessed or stolen. Preserve evidence before anything is rebuilt, including application and web server logs, database logs and disk images of the affected hosts, and work with experienced forensic analysts to establish the full scope of the attack, including whether the attackers moved beyond the file-transfer system itself.
Containment should not wait for the investigation to finish. Isolate compromised systems, remove any web shells or other malware the attackers left behind, apply the vendor’s patch before putting the service back online, and rotate the credentials and keys the compromised system held. It is also crucial to strengthen security across the wider network so that a similar foothold cannot be gained again.
In addition to technical measures, organizations should also focus on communication and transparency. It is important to notify affected individuals and stakeholders about the breach and provide them with clear instructions on how to protect themselves. This includes recommending password changes, monitoring financial accounts for suspicious activity, and being vigilant against phishing attempts.
Furthermore, affected organizations should review their existing security protocols and make necessary improvements. This may involve implementing multi-factor authentication, regularly updating software and systems, and conducting regular security audits. It is also important to educate employees about cybersecurity best practices and provide training to ensure they are aware of potential threats and how to respond to them.
In the aftermath of a mass hack, affected organizations should also consider working with law enforcement agencies and cybersecurity experts to track down the perpetrators and hold them accountable. This may involve sharing information and evidence to aid in the investigation and prosecution of the hackers.
Finally, organizations should learn from the incident and use it as an opportunity to strengthen their overall cybersecurity posture. This includes regularly reviewing and updating security policies, staying informed about the latest threats and vulnerabilities, and investing in advanced security technologies to detect and prevent future attacks.
In conclusion, the MOVEit mass hacks serve as a stark reminder of the ever-present threat of cyberattacks. Organizations must take proactive measures to protect their sensitive data and networks from malicious actors. By conducting thorough investigations, implementing robust security measures, and fostering a culture of cybersecurity awareness, organizations can minimize the risk of falling victim to the next mass hack.