Ransomware Group Knew About MOVEit Zero-Day Since 2021
The Zero-Day Exploitation
Since the discovery of the recently patched MOVEit Transfer zero-day affecting the managed file transfer (MFT) software, it has been widely exploited, with at least 100 organizations reportedly compromised. Recently uncovered evidence suggests that the Cl0p ransomware group had known about and tested the vulnerability much earlier than previously thought, possibly since mid-2021. This was discovered by security researchers at risk and financial advisory services firm Kroll, who analyzed Microsoft IIS logs of customers impacted by the recent attacks and found similar activity in other client environments in April 2022 and as early as July 2021.
The Ransomware Gang and the Attack
The zero-day exploitation was attributed to the Cl0p ransomware group by Microsoft. The group claimed responsibility for the attacks and posted a message on its website, warning that data from “hundreds of companies” had been stolen and instructing victims to get in touch to avoid their data getting leaked. So far, several victims, including the Nova Scotia government and UK payroll company Zellis, have come forward to confirm they have been compromised.
The Risk and Preparations for Cyberattacks
The new evidence unearthed by Kroll suggests that the Cl0p ransomware group already had a working MOVEit Transfer exploit at the time of the GoAnywhere event and chose to execute the attacks sequentially instead of in parallel. These findings highlight the significant planning and preparation that likely precede mass exploitation events. It is a reminder that businesses must take cybersecurity risk seriously to avoid potentially devastating outcomes.
Advice
The exploitation of the MOVEit Transfer zero-day vulnerability, which seemingly went undetected for many months, highlights the need for organizations to remain vigilant about their cybersecurity. Businesses should regularly and proactively scan all networks and IT infrastructure to identify such vulnerabilities and take immediate action to reduce the risk of exploitation. They should also ensure that up-to-date vulnerability management practices are applied to every part of their IT infrastructure and stay current with all security patches to avoid such breaches.
Editorial
The early discovery and testing of the MOVEit Transfer zero-day vulnerability highlight the Cl0p ransomware group’s advanced cyber capabilities and its sophisticated strategies and tactics for exploiting security weaknesses in companies. This incident and similar ones over recent months demonstrate that greater investment in cybersecurity is an absolute necessity for all organizations and governments. Moreover, increased international cooperation between countries and state agencies is required to tackle sophisticated crime syndicates that use cyberspace to target critical national infrastructure.