Shell Becomes The Latest Company To Be Pwned By The MOVEit Vulnerability

Shell has confirmed in a very brief statement that hackers accessed the personal information of some employees as part of the global MOVEit Transfer tool vulnerability exploitation.  

The Clop ransomware group claims on its leak site that it published Shell’s data after the company refused to negotiate, but the links to the 23 archive files labeled ‘part1’ appear to be broken. Shell currently has 86,000 employees around the world, but the company did not mention how many of those employees may have been affected or what data was stolen.

Shell was also targeted by the Cl0p group in 2020, through a zero-day exploit targeting an Accellion file transfer service. 

According to Brett Callow, threat analyst at Emsisoft, so far, the vulnerability in MOVEit has pwned this number of organizations: 

Carol Volk, EVP, BullWall had this to say:

   “According to Brett Callow, threat analyst at Emsisoft, so far, the vulnerability in MOVEit has affected more than 17.5 million people’s PII. Much of this information will be used in attempts to access networks and some of those attempts will be successful. At this rate of exposure it is almost impossible to fully protect networks from intrusion. Get your defenses up – get your backup and containment systems ready, they are definitely coming for the rest of us.”

Stephen Gates, Principal Security SME, Horizon3.ai followed up with this:

   “The MOVEit debacle, and associated breaches now impacting 17.5+ million people (and counting), will likely go down in history as proof that organizations must do a better job of immediately applying patches when they are available. When organizations wait to apply patches, it means the window of opportunity is wide open for attackers.

   “Although multiple patches have been available to address CVE-2023-36934, 36933, and 36932, the Clop ransomware group is still making claims that it has compromised data from many organizations. The conclusion one can draw from this is that many organizations have not applied the patches. So why is that probably the case?

  1. Organizations may be delaying, seeing if there are any new vulnerabilities lying in wait.
  2. They may be waiting for a final patch to avoid multiple patch cycles.
  3. They may be waiting for an approved maintenance window to patch.
  4. They do not believe they are exploitable or that the risk of exploitation is low.
  5. They are completely unaware of the issue at hand.

   “Regardless of their reasoning, organizations are putting tens of millions of people at risk.”

I think it’s more than clear that the MOVEit vulnerability is a “today problem.” Organizations need to patch. And then if new patches come out, they need to patch some more. Alternately they can just dump MOVEit. Either way, sitting on the sidelines is not an option.
