Are you one of 62 million people affected by the MOVEit breach? The MOVEit breach is one of the biggest hacks of 2023, with the Clop ransomware group ransoming thousands of organizations and making off with tens of millions of dollars.
So, what is the MOVEit ransomware attack, and how has it affected so many people?

What Is MOVEit?
MOVEit is a secure file transfer software and service developed by Progress Software, designed to facilitate the secure transfer of sensitive data between organizations and individuals. MOVEit is used by businesses, government organizations, universities, and basically any entity that stores and manages its data, allowing companies to transfer files and data securely to protect them from unauthorized access or breaches.
However, in May 2023, this stopped being the case when the Clop ransomware group breached the data of thousands of organizations that were using MOVEit.

How Did the MOVEit Breach Happen?
In May 2023, the infamous Clop ransomware group exploited a zero-day vulnerability in the MOVEit application.
A zero-day vulnerability is a software security flaw unknown to the vendor or the public and exploited by attackers before a fix or patch is available. Zero-day vulnerabilities are particularly dangerous because they could be stealthily exploited without the vendor’s knowledge for a very long time. Three vulnerabilities were found, but only one is believed to have been exploited.
The Clop ransomware group discovered multiple SQL injection vulnerabilities in the MOVEit application, allowing them to access the database of organizations and download and view data. SQL injection is a vulnerability where malicious SQL code is inserted into input fields, exploiting weaknesses in a database-backed application. The unauthorized code can manipulate the database, potentially exposing or altering sensitive information.
The SQL injection vulnerabilities are registered as CVE-2023-34362, CVE-2023-35036, and CVE-2023-35708, and were patched on May 31st, 2023, June 9th, 2023, and June 15th, 2023, respectively. All versions of the MOVEit transfer application were affected by these vulnerabilities. When exploited, they allow an unauthenticated attacker to gain access to the content of the organization’s MOVEit transfer database. This means the attacker can download, alter, or even delete databases without any restrictions.
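The flaw class described above, as an added example that is not part of the original article and is not MOVEit's code: a query built by string concatenation beside the parameterized form that fixes it. The in-memory SQLite `files` table, its columns, the sample rows and the input strings are constructed assumptions.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE files (owner TEXT, name TEXT)")
    db.executemany("INSERT INTO files VALUES (?, ?)", [
        ("alice", "payroll.csv"),
        ("bob", "grades.xlsx"),
        ("o'brien", "notes.txt"),
    ])
    return db

def list_files_vulnerable(db, owner):
    # Weak: the input is pasted into the SQL text, so a quote inside it
    # ends the string literal and the rest is parsed as SQL.
    query = "SELECT name FROM files WHERE owner = '" + owner + "'"
    return sorted(row[0] for row in db.execute(query))

def list_files_safe(db, owner):
    # Fixed: the value is bound as a parameter and is only ever data.
    query = "SELECT name FROM files WHERE owner = ?"
    return sorted(row[0] for row in db.execute(query, (owner,)))

def try_query(fn, db, owner):
    # Return the rows, or the error text if the statement fails to parse.
    try:
        return fn(db, owner)
    except sqlite3.OperationalError as exc:
        return "error: " + str(exc)

if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a normal name, a legitimate name containing a
    # quote, and a value that rewrites the WHERE clause.
    for owner in ("alice", "o'brien", "nobody' OR '1'='1"):
        print(repr(owner))
        print("  concatenated :", try_query(list_files_vulnerable, db, owner))
        print("  parameterized:", try_query(list_files_safe, db, owner))
```

The concatenated query returns every owner's files for the third input and fails outright on the legitimate name `o'brien`; the parameterized query treats both as plain values.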
Although Progress Software patched these vulnerabilities, it was already too late. While the zero-day exploit was still unknown to the public and vendors, attackers accessed and breached the data of thousands of organizations using MOVEit to manage and transfer their data.

The Impact of the MOVEit Breach
According to Emsisoft’s analysis and statistics concerning the MOVEit data breach, as of the 9th of November 2023, 2,659 organizations have been impacted by the MOVEit breach, and over 67 million people have been affected, with organizations mainly based in the United States, Canada, Germany, and the United Kingdom.
Education is the most impacted sector, with the data of numerous universities being siphoned by these attackers. Educational organizations affected by this breach include New York City’s public school system, Johns Hopkins University, the University of Alaska, and Webster University, among other popular universities. Other sectors greatly impacted by this breach include the health sector, banks, financial institutions, and businesses.
Some of the better-known organizations affected by the MOVEit ransomware include the BBC, Shell, Siemens Energy, Ernst & Young, and British Airways.
On the 25th of September 2023, leading prenatal, newborn, and child registry service, BORN Ontario, released a statement revealing that they were affected by the MOVEit breach. According to their report, the MOVEit vulnerability allowed unauthorized malicious third-party actors to access and copy files of personal health information contained in BORN Ontario records, which had been transferred using the secure file transfer software.
In response, BORN Ontario immediately isolated the system, decommissioned the affected server, and launched an investigation, partnering with cybersecurity experts to ascertain the severity and what specific data was stolen.
Many of these organizations were hacked not because they used the MOVEit application themselves but because they patronized third-party vendors who made use of the MOVEit transfer application, leading to them getting breached as well. It’s a similar situation for other organizations, costing billions of dollars in ransomware payments and other security fixes.

You’ve Been Affected by the MOVEit Breach. What Next?
If you’re still using MOVEit, patch it immediately to the latest version to prevent your files and data from being stolen by these hackers. The internet and the software that uses it are unfortunately prone to hacks and ransomware, and you must keep yourself and your assets secure by changing passwords regularly, using antivirus software, and enabling multi-factor authentication.
Still, as the MOVEit breach shows, you can do all of that, and a team of hackers will find an exploit never seen before.