Cyber Security News

Cl0p Ransomware Hits 400+ Organizations and 22 Million People

As of the 25th of July, research has revealed that 433 organizations and over 22 million individuals were affected by the MOVEit assault conducted by the Cl0p ransomware gang. 

The research, released by the cybersecurity research firm KonBriefing, was compiled from a variety of sources, including announcements from affected organizations, privacy incident reports filed (where published) and reports in the media.

The findings show that the U.S. had the most organizations affected by the attacks, 308 in total. Of those, 22 were in the public sector and 84 were colleges and universities. Outside of the U.S., the worst affected countries include Germany with 33 organizations falling victim, Canada with 23 and the UK with 19.

MOVEit Cybersecurity Attacks 2023. Image Credit: KonBriefing Research

Cl0p Ransomware: Chains of Affected Organizations

The attack claimed a number of central service providers, resulting in chains of affected organizations. These include chains of two, where, for example, a service provider was affected and numerous banks and insurance companies were then compromised. Similarly, a student register being hit involved numerous universities.

There were also recorded instances of chains of three, and instances of organizations being affected multiple times through different service providers in addition to their own installations.

MOVEit Cybersecurity chain attacks. Image Credit: KonBriefing Research

The ongoing revelation of additional victims impacted by cybercriminals who exploited a vulnerability in MOVEit, a widely used file-transfer tool developed by Progress Software, highlights the far-reaching consequences of cyberattacks within supply chains.

According to The Wall Street Journal, Progress Software is currently facing a legal battle with no fewer than 13 lawsuits accusing Progress of poor cybersecurity.

The majority of the MOVEit attacks seem to have taken place during a critical period between May 30 and May 31. It was during this time that the Cl0p ransomware gang specifically exploited a zero-day vulnerability in MOVEit, which was later identified as CVE-2023-34362.

"While this may not be in the same league as the SolarWinds incident, it's nonetheless one of the most significant hacks of recent years," Emsisoft Threat Analyst Brett Callow told The Register. "The costs will be absolutely massive, including credit monitoring for millions and lawsuits out the wazoo."

What Has Been Learned From the Attacks?

KonBriefing Research states that "today's IT systems have a very high level of complexity. This means that vulnerabilities in software cannot be completely avoided, even with the greatest diligence. In addition to traditional IT security, we therefore need concepts to ensure that the effects of such vulnerabilities do not reach these dimensions in future. This includes data economy, so that at neuralgic points such as interfaces, only data is available that is actually needed at that point in time."

You can read the full breach list on KonBriefing Research, including which organizations were affected by the Cl0p ransomware gang attack.