Massive Data Breach Exposes Millions As MOVEit Vulnerability Exploited

In recent weeks, a major data breach caused by the exploitation of a vulnerability in the popular file transfer tool MOVEit, by Progress Software, has led to the compromise of sensitive personal information belonging to millions of individuals and a growing number of companies, universities, and government entities and agencies. This alarming breach has affected numerous organizations across various sectors, highlighting the urgent need for enhanced cybersecurity measures. In this Security Advisory nGuard will cover an overview of MOVEit, who is behind the attack, detail the extent of the damage caused by the vulnerability, and offer mitigation strategies to address the issue.
 
MOVEit and the Vulnerability:
MOVEit Transfer, developed by Progress Software, is an enterprise file transfer tool widely used by organizations for secure information exchange. Unfortunately, hackers have recently targeted a vulnerability within MOVEit, resulting in a series of data breaches. The attacks have been attributed to the Cl0p ransomware gang, a group that operates as a ransomware-as-a-service provider. Cl0p’s tactics include the exploitation of software vulnerabilities and employing double-extortion techniques, where stolen data is held hostage unless a ransom is paid.
The vulnerability in MOVEit Transfer allows hackers to gain unauthorized access to sensitive data during file transfers. By leveraging this vulnerability, the Cl0p gang has been able to infiltrate multiple organizations and compromise the security of their data.
There are multiple CVEs associated with the software:

• CVE-2023-25036
• CVE-2023-35708
• CVE-2023-34362

Extent of the Breach and Affected Individuals and Organizations:
The impact from the MOVEit vulnerability has been far-reaching and has impacted a wide range of individuals and organizations. So far, more than 15.5 million individuals have been affected and the list of organizations is growing each day. The following is a list of some of the major organizations affected:

• U.S. Department of Energy
• Ernst & Young
• Siemens Energy
• Government of Nova Scotia
• British Airways
• Oregon Driver’s License Holders: Approximately 3.5 million individuals.
• Louisiana Residents: Roughly 6 million individuals.
• California Public Employees’ Retirement System (CalPERS) Members: About 770,000 individuals.
• Genworth Finance Clients: Between 2.5 and 2.7 million individuals.
• Wilton Reassurance Insurance Customers: Approximately 1.5 million individuals.
• Tennessee Consolidated Retirement System Beneficiaries: More than 170,000 individuals.
• Talcott Resolution Customers: Over half a million individuals.
• National Student Clearinghouse: Potentially significant breach in terms of numbers, impacting numerous educational institutions across the United States.
• U.S. Universities and Schools: Numerous universities have fallen victim to the breach including UCLA, University of Rochester, and Johns Hopkins.
• U.S. Department of Health and Human Services (HHS): More than 100,000 individuals affected, according to congressional notifications.
• Banks, Consultancy and Legal Firms, Energy Giants, and more: Cl0p’s leak site includes numerous additional victims.

The consequences extend beyond individuals, with several notable organizations falling victim to the breach. The University of California-Los Angeles (UCLA), which used MOVEit Transfer to transfer files across campus and to other entities, is among the victims. UCLA spokesperson Margery Grey confirmed the university’s collaboration with the FBI and external cybersecurity experts to investigate the matter. She also stated that impacted individuals have been notified.

Mitigating the Vulnerability:
Given the severity and widespread impact of the MOVEit vulnerability, it is crucial for organizations to take immediate steps to mitigate risks and protect their sensitive data. Here are some recommended strategies:

1. Update and Patch: Promptly update MOVEit Transfer and apply the latest security patches released by Progress Software. Regularly checking for updates ensures that known vulnerabilities are addressed, significantly reducing the risk of exploitation.
2. Conduct Regular Vulnerability Scanning: With nGuard Vulnerability Management, your organization’s Internet perimeter or internal networks are continuously tested for new vulnerabilities. This provides your organization an effective and timely way to manage your security posture on an ongoing basis.
3. Conduct Regular Security Audits: Perform comprehensive security audits to identify potential vulnerabilities within your networks and file transfer systems. This includes conducting penetration tests and vulnerability assessments to proactively identify and address weak points.
4. Implement Multifactor Authentication (MFA): Enforce MFA for accessing file transfer systems to enhance authentication security. Requiring additional verification methods such as biometrics or one-time passwords (OTP), or acceptance of push notifications the risk of unauthorized access is significantly reduced.
5. Employee Awareness and Training: It is critical to promote a top-down approach to the culture of cybersecurity awareness among employees by providing regular training sessions on identifying and responding to threats. These training sessions should include ongoing social engineering assessments. Educate staff on best practices for securely sharing sensitive information.
6. Incident Response Planning: Develop a robust incident response plan that outlines steps to be taken in the event of a data breach. This includes establishing clear lines of communication, involving relevant stakeholders, and implementing recovery procedures to minimize damage and downtime. nGuard has years of experience helping customers create thorough and detailed incident response plans and information security policies custom tailored to their environments, needs, and particular GRC requirements and security standards.
7. Collect Proper Logs: Have a proper Security Information and Event Management (SIEM) tool that collects, analyzes and correlates security event data from various sources to detect and respond to potential cybersecurity threats. This helps organizations improve overall security posture by providing real-time monitoring, threat intelligence, and incident response capabilities.

The MOVEit vulnerability has led to a significant data breach affecting millions of individuals and numerous organizations across various sectors. As the list of victims continues to grow, it is crucial for organizations to take proactive steps to mitigate new vulnerabilities. By following the mitigation provided, organizations can fortify their defenses and safeguard sensitive information from malicious actors. The battle against cyber threats requires collective efforts and ongoing awareness to ensure integrity and security.