SPOT Cybersecurity Tip: Clop Ransomware Gang & Supply Chain Cyber Attack

Cybersecurity Tip from The Fulcrum Group

Raise your hand if you’ve heard this before: the Clop ransomware gang ran a mass data-theft and extortion campaign against multiple companies and government agencies by exploiting a zero-day software vulnerability over the 2023 Memorial Day holiday weekend. Note that no files were encrypted in this campaign; the leverage was stolen data, which makes backups alone an insufficient defense.

The software exploited? MOVEit Transfer, an on-premises and cloud managed file transfer (MFT) product developed by Ipswitch, a subsidiary of US-based Progress Software Corporation. It lets an enterprise exchange files with business partners and customers over SFTP, SCP and HTTP-based uploads, which is exactly why a single exploitable instance exposes data belonging to many organizations at once.

As BleepingComputer reported at the time, threat actors had been exploiting a zero-day in the MOVEit MFT software to mass-download data from affected organizations.

British Airways, the BBC, and UK pharmacy chain Boots are among the companies whose data has been compromised after cybercriminals exploited a critical vulnerability in deployments of the MOVEit document-transfer app.

British Airways, the BBC, and Boots were not hit directly. Instead, UK-based payroll services provider Zellis on Monday admitted its MOVEit installation had been exploited, and as a result “a small number of our customers” – including the British trio mentioned above – had their information stolen.

The security hole came to light on Thursday, June 1st, and almost immediately security researchers began warning that criminals had been “mass exploiting” the SQL-injection vulnerability in MOVEit Transfer for at least a month to break into IT environments and steal data.

Progress published its advisory and fixed builds on May 31st, and the bug was assigned CVE-2023-34362 on Friday, June 2nd. The gap between the start of exploitation and the availability of a fix is the window that defines a zero-day, and it is the window every control below is trying to shrink.

This attack highlights a major risk for businesses and government agencies: zero-day vulnerability exploits. A zero-day is a security flaw in software, hardware, or firmware that is unknown to the party responsible for patching or otherwise fixing it, so no fix exists yet. The term zero-day vulnerability refers to the flaw itself, while a zero-day attack is one that exploits the flaw before the vendor has released a patch, i.e. the defender has had “zero days” to fix it. In the MOVEit case the flaw was an SQL injection in an internet-facing web application, which the attackers used to pull data straight out of the MOVEit database; no user had to click anything.

Here are a few ways that you can protect your organization against Zero-Day vulnerability exploits.

  • Turn on Windows Defender Exploit Guard – Introduced by Microsoft with Windows 10 version 1709 in 2017 (and now part of Microsoft Defender for Endpoint), Exploit Guard combines Attack Surface Reduction rules, Network Protection, Controlled Folder Access and Exploit Protection. It blocks the post-exploitation behaviors that zero-day attacks rely on (an Office document spawning a shell, a process reading credentials from LSASS, an unknown process rewriting documents) rather than specific malware signatures. Caveat: it is an endpoint control. It would not have stopped the SQL injection in a server-side web application like MOVEit Transfer, so it complements patching and monitoring rather than replacing them.
  • Strong Patch Management Protocols – Every organization should have a patch management strategy. Employees across the IT operations, development and security teams should have a clear understanding of the strategy and how it plays out within an average workday, including how an emergency out-of-band patch for an actively exploited bug gets approved and deployed in hours rather than weeks. Make sure the patching protocol covers Windows devices, software applications, internet-facing appliances and device firmware.
  • Subscribe to Threat Intelligence Feeds – Make sure someone in your organization is reading about the latest cybersecurity threats and cross-checking them against an up-to-date inventory of the software and systems in your IT environment. When a critical vulnerability is found in your environment, make sure it is patched immediately; if no patch exists yet, apply the vendor’s interim mitigation (for MOVEit, Progress initially advised blocking HTTP and HTTPS access to the server until the fix was applied).
  • Implement Endpoint Protection with Next-Gen Antivirus capabilities – Traditional antivirus relies on file signatures for malware detection, which doesn’t help much with zero-day exploits. Modern endpoint protection adds behavioral analysis and machine-learning heuristics that can flag the exploit’s behavior (for example, a web server process spawning a command shell) even when no signature exists.
  • Implement SOC as a Service or Managed Detection & Response to monitor your IT systems for cybersecurity threats – While a SOC or MDR service can’t always block every cyber threat or attack, they can help you identify that you’ve been attacked sooner, which is critical in limiting and mitigating the damage to your IT systems (not to mention your reputation and bottom line). In the MOVEit campaign, unusual volumes of outbound file transfers were the signal most victims could have caught.
  • Obtain Cyber Insurance – The reality is that many if not most organizations are going to be hit by a cyber-attack at some point. Having cyber insurance can help you stay in business by providing financial protection, though insurers increasingly require evidence of the controls above before they will underwrite a policy.
  • Have an Incident Response Plan – Organizations of all sizes benefit from having an incident response plan that provides an organized process for identifying and dealing with a cyberattack. Having a specific playbook for zero-day exploits (who decides to take an exposed system offline, how you determine what data was accessible, whom you notify) reduces confusion and increases your chances of avoiding or reducing damage.
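The Exploit Guard item above is the one a Windows administrator can act on in minutes, so here is an added example (written for this post, not a script from The Fulcrum Group or Microsoft) showing a staged rollout: enable Attack Surface Reduction rules, Network Protection and Controlled Folder Access in audit mode, read back the effective state, review the audit events, then enforce. It assumes an elevated PowerShell session on Windows 10/11 or Windows Server 2016+ with Microsoft Defender Antivirus active; the cmdlets are the built-in Defender module, and the rule GUIDs are Microsoft’s published ASR rule identifiers. The choice of three rules is this example’s own starting set, not a Microsoft recommendation.

```powershell
# Added example for this post (not The Fulcrum Group's or Microsoft's own script).
# Assumptions: elevated PowerShell on Windows 10/11 or Windows Server 2016+ with Microsoft
# Defender Antivirus active. Get-/Set-/Add-MpPreference ship with Windows.
# Rule GUIDs are Microsoft's published Attack Surface Reduction (ASR) rule IDs.

$AsrRules = @{
    # Credential theft from LSASS is a common pre-stage of ransomware deployment
    'Block credential stealing from LSASS'                    = '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2'
    # Macro droppers usually spawn cmd.exe / powershell.exe from Office
    'Block Office applications from creating child processes' = 'd4f940ab-401b-4efc-aadc-ad5f3c50688a'
    # Cloud-backed heuristics aimed specifically at ransomware payloads
    'Use advanced protection against ransomware'              = 'c1db55ab-c21a-4637-bb3f-a12568109d35'
}

function Set-ExploitGuardBaseline {
    <# Roll out in AuditMode first; switch to Enabled once the audit events look clean. #>
    param([ValidateSet('AuditMode', 'Enabled')][string]$Mode = 'AuditMode')

    foreach ($id in $AsrRules.Values) {
        # Add-MpPreference adds the rule, or updates its action if it is already listed
        Add-MpPreference -AttackSurfaceReductionRules_Ids $id -AttackSurfaceReductionRules_Actions $Mode
    }
    # Network Protection blocks outbound connections to known-bad domains/IPs from any process
    Set-MpPreference -EnableNetworkProtection $Mode
    # Controlled Folder Access stops untrusted processes from modifying protected folders
    Set-MpPreference -EnableControlledFolderAccess $Mode
}

function Get-ExploitGuardState {
    <# Read back the effective settings. Numeric states: 0 = Disabled, 1 = Enabled, 2 = AuditMode. #>
    $p = Get-MpPreference
    $rules = @{}
    for ($i = 0; $i -lt @($p.AttackSurfaceReductionRules_Ids).Count; $i++) {
        $rules[$p.AttackSurfaceReductionRules_Ids[$i]] = $p.AttackSurfaceReductionRules_Actions[$i]
    }
    [pscustomobject]@{
        NetworkProtection      = $p.EnableNetworkProtection
        ControlledFolderAccess = $p.EnableControlledFolderAccess
        AsrRules               = $rules
    }
}

function Get-ExploitGuardAuditEvents {
    <# Audit-mode events in the Defender operational log:
       1122 = ASR rule would have blocked, 1124 = Controlled Folder Access would have blocked,
       1125 = Network Protection would have blocked. A line-of-business app tripping these
       is a reason to add an exclusion, not a reason to skip enforcement. #>
    param([int]$Days = 7)

    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1122, 1124, 1125
        StartTime = (Get-Date).AddDays(-$Days)
    } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id,
            @{ n = 'Detail'; e = { ($_.Message -split "`n")[0] } }
}

# Staged rollout: audit, review for a week, then enforce.
Set-ExploitGuardBaseline -Mode AuditMode
Get-ExploitGuardState
Get-ExploitGuardAuditEvents -Days 7 | Format-Table -AutoSize
# After the audit review comes back clean:
# Set-ExploitGuardBaseline -Mode Enabled
```

Run the audit stage on a pilot group, not the whole fleet: Controlled Folder Access in particular will generate noise from legitimate installers and backup agents until exclusions are added. Also keep the scope in mind: these settings harden Windows workstations and servers against the actions an intruder takes after landing; for an exposed server application like MOVEit Transfer, the controls that would actually have helped are rapid patching and monitoring of outbound transfer volume.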

Want to learn more about how to protect your organization against Zero-Day exploits and other cyberattacks? Schedule a complimentary Cybersecurity Discovery call with us.