Over 62 Million Affected with Long-Term Consequences
Millions of individuals risk having their private data exposed due to a massive hack, making it the most significant cyberattack of 2023.
As reported by The Wired, The most significant cyberattack of 2023 extends beyond a single incident, comprising a series of interconnected attacks that accumulate victims at an unprecedented rate.
In the coming months, tens of millions of people may be taken by surprise as their private information is exposed. Unfortunately, many of them may never fully comprehend the magnitude of the problem or how it could potentially impact their daily lives.
Since May, widespread exploitation of a vulnerability in file transfer software known as MOVEit has enabled a network of cybercriminals to steal data from various companies and governments.
Among the victims are significant entities such as Shell, British Airways, and the US Department of Energy. Although Progress Software, the company behind MOVEit, managed to address the vulnerability by the end of May, thereby ending the attack, the data extortion group “Clop” had already caused significant harm.
A Massive Cyberattack Reveals Software Supply Chain Vulnerability in MOVEit.
The government of Ontario confirmed that BORN Ontario, responsible for birth registration, fell victim to a MOVEit-related attack earlier this year. In this incident, cybercriminals gained access to the highly confidential personal information of 3.4 million individuals, including 2 million infants, prospective parents, and those seeking fertility services.
Emily Austin, a security research manager, explains that the vulnerabilities affected two versions of the MOVEit service: the cloud-based service known as MOVEit Cloud and the on-premises version that organizations run on their installations, called MOVEit Transfer. Most of the attacks focused on the latter.
“These companies are conducting their investigations and starting to notify potentially affected customers,” explains the expert.
However, many organizations that experienced data breaches were not direct users of MOVEit; they collaborated with third parties or contractors who utilized the software. This allowed attackers to access data from vulnerable systems regardless of their origin.
Earlier this year, Clop claimed to have compromised over 100 organizations by exploiting a different file transfer tool called GoAnywhere. However, the impact of MOVEit surpasses the number of affected organizations and the quantity of compromised personal data.
According to Emsisoft, approximately 2,167 organizations have been affected by the MOVEit campaign to date. This includes 890 colleges and universities in the US, accounting for 88.8% of the known victims.
Additionally, approximately 1,841 organizations have acknowledged breaches, but only 189 have specified the number of individuals affected by the incident. Detailed data reveals that over 62 million people had their data compromised during the Clop attack wave.
However, since many organizations have yet to disclose the number of affected individuals, and some still need to report the breach, the actual count remains a mystery. He could reach hundreds of millions, according to Emsisoft.
“There are inevitably corporate victims who are still unaware and individuals who have yet to realize they have been impacted”Brett Callowa,threat analyst at Emsisoft.
“MOVEit is particularly significant due to the sheer number of victims, the sensitivity of the obtained data, and the multitude of ways in which that data can be utilized.”
This massive hack underscores the urgent need to strengthen security measures and be prepared for future attacks. As companies continue to rely on widely used data management tools like MOVEit, it is crucial to reinforce security protocols and remain vigilant for any signs of an attack.
Don’t wait until the end of 2023 to protect your company from a cyber attack. The best way to deal with a cyber attack is to prevent it!
We only have 50 coupons available!