Examining Connections Between Ransomware Group and MOVEit Zero-Day, Founding Timing Suspect

Ransomware Group Knew About MOVEit Zero-Day Since 2021

The Zero-Day Exploitation

Since the discovery of the recently patched MOVEit Transfer zero-day affecting the managed file transfer (MFT) software, it has been widely exploited, with at least 100 organizations reportedly compromised. Recently uncovered evidence suggests that the Cl0p ransomware group had known about and been testing the vulnerability much earlier than previously thought, possibly since mid-2021. This was discovered by security researchers at the risk and financial advisory services firm Kroll, who analyzed Microsoft IIS logs of customers impacted by the recent attacks and found similar activity in other client environments dating from July 2021 to April 2022.

The Ransomware Gang and the Attack

The zero-day exploitation was attributed to the Cl0p ransomware group by Microsoft. The group claimed responsibility for the attacks and posted a message on its website, warning that data from “hundreds of companies” had been stolen and instructing victims to get in touch to avoid their data getting leaked. So far, several victims, including the Nova Scotia government and UK payroll company Zellis, have come forward to confirm they have been compromised.

The Risk and Preparations for Cyberattacks

The new evidence unearthed by Kroll suggests that the Cl0p ransomware group already had a working MOVEit Transfer exploit at the time of the GoAnywhere event and chose to execute the attacks sequentially rather than in parallel. These findings highlight the significant planning and preparation that likely precede mass exploitation events. It is a reminder that businesses must take cybersecurity risk seriously to avoid potentially devastating outcomes.

Advice

The exploitation of the MOVEit Transfer zero-day vulnerability, which seemingly went undetected for many months, highlights the need for organizations to remain vigilant about their cybersecurity. Businesses should regularly and proactively scan all networks and IT infrastructure to identify such vulnerabilities and take immediate action to reduce the risk of exploitation. They should also ensure that up-to-date vulnerability management practices are applied across their entire IT infrastructure and remain current with all security patches to avoid such breaches.

Editorial

The early discovery and testing of the MOVEit transfer zero-day vulnerability highlight the Cl0p ransomware group’s advanced cyber capabilities and its sophisticated strategies and tactics to exploit security weaknesses in companies. This incident and similar ones over recent months demonstrate that greater investment in cybersecurity is an absolute necessity for all organizations and governments. Moreover, increased international cooperation between countries and state agencies is required to tackle sophisticated crime syndicates that use cyberspace to target critical national infrastructure.
