Clop gang uses MOVEit vulnerability to target BBC, British Airways and Boots
UPDATED 21:49 EDT / JUNE 07 2023
by Duncan Riley
Days after the U.S. Cybersecurity and Infrastructure Security Agency warned that a critical vulnerability in Progress Software Corp.'s MOVEit file transfer software was actively being exploited, the Clop ransomware gang claims to have used the vulnerability to target various organizations worldwide.
The BBC, itself a victim of the attack, reported today that the Clop group posted a notice on its dark web site warning firms affected by the MOVEit hack to email them before June 14 or stolen data will be published. The report says more than 100,000 staff at the BBC, British Airways Plc and the pharmacy chain Boots UK Ltd. may have had payroll data stolen.
The commonality between them is that they use a company called Zellis UK Ltd. for payroll and it was Zellis that was compromised, as opposed to the companies directly.
"This is announcement to educate companies who use Progress MOVEit product that chance is that we download a lot of your data as part of exceptional exploit," a post purportedly by Clop stated. SiliconANGLE could not confirm the message because Clop's dark website was down at the time of writing. The reported message went on to urge victims to email the group to begin negotiations for payment for the nondisclosure of stolen data.
MOVEit is managed file transfer software designed to provide secure and compliant file transfers for sensitive data within and between organizations. It can automate complex workflows, manage and view all file transfer activities in real time, and ensure reliable and predictable file transfer. It supports secure protocols, including FTPS, HTTPS and SFTP, and offers encryption at rest and in transit.
The software's vulnerability, officially designated CVE-2023-34362, allows an unauthenticated, remote attacker to send a specially crafted SQL injection to a vulnerable MOVEit Transfer instance. Successful exploitation gives an attacker access to the underlying MOVEit Transfer instance. Depending on the specific database engine in use, the attacker can infer information about the structure and contents of the database, leading to data exfiltration.
"This attack is a grim reminder of the sheer value of data in the hands of malicious actors," Javvad Malik, lead security awareness advocate at security awareness training company KnowBe4 Inc., told SiliconANGLE. "Cybercriminals know organizations cannot afford to lose critical data, causing undue pressure to pay large ransoms."
Malik noted that the Clop attack highlights the crushing effect of data breaches on modern organizations. "Organizations must implement robust security measures that include multi-layered cybersecurity defenses, employee cybersecurity awareness training and a tested incident response plan," he said. "The key message remains clear: We must prioritize our data and adequately invest in its protection."
THANK YOU
Clop gang uses MOVEit vulnerability to target BBC, British Airways and Boots
Verizon report finds business email compromise attacks have almost doubled
Azure Government cloud gets access to OpenAI's generative AI models
Meta to take action after investigation finds Instagram algorithm promoted child sex abuse material
Smartsheet shares drop on free cash flow outlook miss
Google brings superior logic and reasoning skills to its chatbot Bard
Clop gang uses MOVEit vulnerability to target BBC, British Airways and Boots
SECURITY - BY DUNCAN RILEY . 39 MINS AGO
Verizon report finds business email compromise attacks have almost doubled
SECURITY - BY DUNCAN RILEY . 1 HOUR AGO
Azure Government cloud gets access to OpenAI's generative AI models
AI - BY MIKE WHEATLEY . 1 HOUR AGO
Meta to take action after investigation finds Instagram algorithm promoted child sex abuse material
POLICY - BY JAMES FARRELL . 1 HOUR AGO
Smartsheet shares drop on free cash flow outlook miss
CLOUD - BY DUNCAN RILEY . 2 HOURS AGO
Google brings superior logic and reasoning skills to its chatbot Bard
AI - BY MIKE WHEATLEY . 2 HOURS AGO
"TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well" – Andy Jassy THANK YOU