US Department Of Energy Part of Global Cyberattack Involving The MOVEit Vulnerability
If you thought I was done with news on the MOVEit vulnerability, here’s another one.
Several US federal government agencies have been affected by the global cyberattack involving the MOVEit vulnerability, and officials expect several hundred companies will also be impacted. In a statement to CNN, Eric Goldstein, CISA’s executive assistant director for cybersecurity, said that CISA “is providing support to several federal agencies that have experienced intrusions affecting their MOVEit applications.”
There were two Department of Energy victims: 1) Oak Ridge Associated Universities, a not-for-profit research center, and 2) Waste Isolation Pilot Plant – a contractor which disposes of atomic energy waste.
CISA’s response comes as Progress Software said it had discovered a second bug in the code that the company was working to fix.
“We have communicated with customers on the steps they need to take to further secure their environments and we have also taken MOVEit Cloud offline as we urgently work to patch the issue,” Progress Software said in a statement.
The ransomware group had given victims until 6/14 to contact them about paying a ransom, after which they began listing victims on their extortion site. As of 6/15, the dark website did not list any US federal agencies, but instead the hackers wrote in all caps:
“If you are a government, city or police service do not worry, we erased all your data. You do not need to contact us. We have no interest to expose such information.”
Willy Leichter, VP of Marketing, Cyware leads off with this comment:
“This is another frightening example of the risks of attack through supply chains. Our best defenses can be bypassed if we’re relying on vulnerable software for critical tasks, such as transferring large data files. We must find ways to extend our security intelligence and best practices to suppliers to close this gaping hole.”
Roy Akerman, Co-Founder & CEO, Rezonate follows up with this:
“The MOVEit vulnerability was fast to turn from discovery to active exploitation in the field. Available proof of concepts of RCE exploitation increased the risk and organizations are called to take immediate action, in particular federal government agencies. Ransomware groups are known to adopt the latest infiltration techniques before patching is completed, especially when there are multiple patches that are rolling out as further details become available. We are closely monitoring for any further developments related to this SQL injection vulnerability that is actively exploited.”
That’s the last MOVEit story for today. But I am pretty sure there will be more in the days to come.
This entry was posted on June 17, 2023 at 8:40 am and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.