The MOVEit hack moves on

The Clop ransomware gang has started extorting organisations that it compromised by exploiting the zero-day flaw in MOVEit, the corporate file-sharing software. Among the thirteen companies listed on Clop’s data leak website are Shell and the University of Georgia.

Clop ransomware gang starts extorting MOVEit data-theft victims (bleepingcomputer.com)

This follows the announcement by Zellis, a payroll and HR specialist, that it had been breached by the Clop gang. That led to the compromise of information belonging to the BBC, Aer Lingus and Boots.

Now an SQL injection flaw has been found in MOVEit:

MOVEit Transfer customers warned of new flaw as PoC info surfaces (bleepingcomputer.com)

Progress Software Releases Security Advisory for MOVEit Transfer Vulnerability | CISA

Your takeaway from this is to have an incident response plan for cyber incidents – one which you regularly discuss and practise. Because zero-day flaws are out there.

Clive Catton MSc (Cyber Security) – by-line and other articles

My advice: Either you or your IT support need to check whether these issues impact your systems. You need to have a master document that details your systems, hardware, software, online, networks, back-ups, suppliers etc – so when cyber security (or operational) issues arise you and your support teams can quickly check if you are affected. From there you can take fast, effective action.

CISA also releases industrial control system advisories – if you are responsible for these types of systems you should monitor their news page:

Current Activity | CISA

Further Reading

Incident Response – Talk about bad timing! | Octagon Technology

MOVEit flaw – Excellent cyber advice from the BBC | Smart Thinking Solutions

Please Note:

I am on the road and away from the office, so the news this week is “in brief”. You can still contact me via the contact page and Octagon Technology.