MOVEit Cyber Attack (CVE-2023-34362)

Introduction

In June 2023, a cyber attack on MOVEit, a file transfer software company, resulted in the exposure of data from hundreds of organizations around the world. The attack was carried out by the Clop ransomware group, which exploited a zero-day vulnerability in MOVEit's software.

What is the MOVEit cyber attack?

The MOVEit cyber attack was a targeted ransomware attack that affected hundreds of organizations around the world. The attack was carried out by the Clop ransomware group, which exploited a zero-day vulnerability in MOVEit's software. The vulnerability allowed the attackers to gain access to MOVEit's systems and steal data from their customers.

CVE ID: CVE-2023-34362

In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g., 2020.0 and 2019x) before the five explicitly mentioned versions are affected, including older unsupported versions.
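
The fixed-version list above can be turned into a patch-status check. The following is an added example, not code from the original post or from Progress; the inventory hostnames and versions are constructed, and real version strings are assumed to come from your own asset records.

```python
import re

# First fixed patch level per release train, taken from the CVE text above.
# The same trains are listed in both numbering schemes the advisory uses.
FIXED_BY_YEAR = {(2021, 0): 6, (2021, 1): 4, (2022, 0): 4, (2022, 1): 5, (2023, 0): 1}
FIXED_BY_INTERNAL = {(13, 0): 6, (13, 1): 4, (14, 0): 4, (14, 1): 5, (15, 0): 1}


def parse_version(text):
    """Return (major, minor, patch) from '14.0.3', '2022.0.3' or '14.0.3.42'."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\.(\d+))?(?:\.\d+)*\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    # A missing patch component ('14.0') is treated as patch level 0.
    major, minor, patch = (int(g) if g is not None else 0 for g in m.groups())
    return major, minor, patch


def is_affected(text):
    """True if the version predates the fixed build for CVE-2023-34362."""
    major, minor, patch = parse_version(text)
    table = FIXED_BY_YEAR if major >= 2000 else FIXED_BY_INTERNAL
    fixed_patch = table.get((major, minor))
    if fixed_patch is None:
        # Unlisted trains older than the newest listed one have no fixed
        # build in the CVE text (this covers 2020.x and earlier); trains
        # newer than 2023.0 / 15.0 postdate the fix.
        return (major, minor) < max(table)
    return patch < fixed_patch


# Constructed inventory for illustration only.
INVENTORY = {"xfer-01": "14.0.3", "xfer-02": "2023.0.1", "xfer-03": "12.1.9"}

if __name__ == "__main__":
    for host, version in INVENTORY.items():
        state = "AFFECTED" if is_affected(version) else "fixed build"
        print(f"{host}: {version} -> {state}")
```
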

What data was exposed?

The data that was exposed in the MOVEit cyber attack included personal information, such as names, addresses, and Social Security numbers. It also included financial information, such as credit card numbers and bank account numbers. The data was from a wide range of organizations, including businesses, government agencies, and healthcare providers.

How to protect yourself from the MOVEit cyberattacks?

There are a few things that you can do to protect yourself from the MOVEit cyber attack:

  • Keep your software up to date. Software updates often include security patches that can help to protect your systems from ransomware attacks.

  • Use strong passwords and multi-factor authentication. Strong passwords and multi-factor authentication can help to protect your accounts from being compromised by attackers.

  • Educate your employees about cybersecurity risks. Employees should be aware of the risks of ransomware attacks and how to protect themselves.

  • Have a backup plan in place. If your systems are encrypted by ransomware, you will need to have a backup plan in place so that you can restore your data.

  • Use a security solution that includes ransomware protection. A good security solution can help to detect and prevent ransomware attacks.

What was the impact of the MOVEit cyberattack?

The impact of the MOVEit cyber attack was significant. The exposure of personal and financial information from hundreds of organizations has the potential to cause widespread harm. Individuals whose data was exposed may be at risk of identity theft, fraud, and other financial crimes. Businesses that were affected by the attack may also suffer financial losses, as well as damage to their reputation.

Number of known victims of the MOVEit attack so far:

433 organizations
22 million individuals

MOVEit breach victims

Source: KonBriefing Research

Statistics

Country / sector              Victims
USA                           308
  Public sector               22
  Colleges & universities     84
Canada                        23
  Public sector               13

How can organizations prevent a similar attack?

There are a number of steps that organizations can take to prevent a similar attack. These include:

  • Keeping software up to date. Software updates often include security patches that can help to protect systems from ransomware attacks.

  • Using strong passwords and multi-factor authentication. Strong passwords and multi-factor authentication can help to protect accounts from being compromised by attackers.

  • Educating employees about cybersecurity risks. Employees should be aware of the risks of ransomware attacks and how to protect themselves.

  • Having a backup plan in place. If systems are encrypted by ransomware, organizations will need to have a backup plan in place so that they can restore their data.

  • Using a security solution that includes ransomware protection. A good security solution can help to detect and prevent ransomware attacks.

Conclusion

The MOVEit cyber attack is a reminder of the importance of cybersecurity. By taking steps to protect yourself, you can help to reduce the risk of being affected by a ransomware attack.
