Cybercrime Hits Global Supply Chain, Affecting Major Corporations

Introduction

A Russian cyber-extortion gang, Cl0p, has hacked the MOVEit file-transfer program, which is a popular application used by corporations to securely share files. The targeted program’s parent company, Progress Software, was quick to react and alerted its customers of the breach and issued a patch. However, cybersecurity researchers suspect that scores, if not hundreds, of companies have already had their sensitive data stolen. The gang has claimed it has targeted hundreds of victims including BBC, British Airways, and Nova Scotia’s government, among others. The U.S. and British cybersecurity officials have issued advisories, stating that the impact of this breach could be widespread globally.

Extent of the Breach

The move by Cl0p, one of the most prolific cybercrime syndicates globally, to hack the MOVEit file-transfer program, could have worldwide ramifications. Caitlin Condon, senior manager of security research at the cybersecurity firm Rapid7, said via email that the attack has impacted a wide range of organizations including health care, financial services, technology, manufacturing, insurance, and government. As regulatory reporting requirements come into play, more firms can be expected to disclose their data theft. Analysts believe that this is potentially one of the most significant breaches of recent years, and its full extent will be known as more affected companies come forward.

Supply Chain Breach

The vulnerability of supply chain breaches is that if a single software provider gets compromised, hundreds or thousands of companies could be affected. Zellis, one of the largest payroll providers in the U.K., which serves British Airways, BBC, and hundreds of other organizations, was among the impacted users. The company stated that a few of its customers were affected by the breach. The BBC disclosed via email to all its U.K. staff and freelancers that data, including birthdates, national insurance numbers, and addresses were disclosed, but bank account details were untouched. It affirmed that there is no evidence of the data being exploited. Boots, the U.K. drugstore chain, which employs over 50,000 staff, stated that it had notified its employees of the hack. Nova Scotia’s government also confirmed that it was among the victims, and its health authority used MOVEit to share sensitive confidential information.

Cl0p Gang’s Modus Operandi

The Cl0p syndicate is notorious for targeting file-transfer programs for extortion, as it did with Accellion File Transfer Application devices in 2020 and 2021, and GoAnywhere servers earlier this year. Even though it claims not to target governments, cities, or police agencies, cybersecurity experts suggest this is only a ploy to escape direct conflict with law enforcement. The U.S. Cybersecurity and Infrastructure Security Agency and the FBI have jointly issued advisories stating that the Cl0p gang has breached over 3,000 U.S.-based organizations and 8,000 global organizations. They also added that based on Cl0p’s past campaigns, unpatched software services on both private and public networks can expect to be widespread too.

Philosophical Discussion

The Cl0p cyber-extortion gang’s recent breach of the MOVEit file-transfer program highlights how crucial it is to ensure the security of software supply chains. The vulnerability of supply chains has gained increased visibility in recent years, with several high-profile breaches impacting a wide range of organizations, globally. Cyber supply chain attacks are a complex threat, and traditional security measures may not be enough to curb them. Organizations must ensure that they have robust security measures in place and have an accurate inventory of all the software they use in the organization. Only then can they identify vulnerabilities in their supply chain and take action to mitigate them.

Editorial

The recent cyberattack on the MOVEit file-transfer program is yet another reminder that cybersecurity is a shared responsibility. Organizations worldwide must recognize that an attack on one affects us all. It is, therefore, vital that both public and private companies are proactive when it comes to cybersecurity measures. This breach also highlights the importance of having an accurate inventory of all the software used by an organization; organizations can remediate vulnerabilities only if they know what they have. Firms must ensure that all software vendors have the highest traffic security standards and should work with their vendors to ensure that they have implemented robust security measures.

Advice

Organizations worldwide must take adequate measures to secure their supply chains by:

• Ensuring that all software vendors have implemented the highest security standards.
• Deploying software control solutions that enable the organization to see all the software running on their infrastructure.
• Monitoring for vulnerabilities and implementing robust security protocols as part of a proactive defense strategy.
• Having an incident response plan in place to respond quickly should an attack occur.
• Regularly backing up data and stored backups securely.

Organizations must also prioritize cybersecurity education and training for their employees to ensure that they are aware of the risks and their role in securing the organization. Cybersecurity is a shared responsibility, and everyone has a part to play in ensuring the security of our digital world.