191 views 16 secs 0 comments

Dissecting the MOVEit breach: Lessons learned from the ransomware attack

In Data Breach News, News
September 11, 2023
Dissecting the MOVEit breach: Lessons learned from the ransomware attack

The MOVEit data breach, discussed in an earlier post, continues to make headlines. As SDX reports:

Orchestrated by ransomware gang CL0P exploiting a zero-day vulnerability, it is now considered one of the largest hacks of 2023 — and potentially in recent history. To date, it is known to have impacted more than 1,150 organizations and nearly 56 million individuals, putting its global cost at close to $11 billion.

As Alex Holden of Hold Security commented, pushing data to the cloud too quickly can leave data vulnerable. Holden didn’t mince any words in criticizing the software:

MOVEit had fallacies in its legacy products that had not been given proper care or monitoring, Holden said. There was also a lack of webroot file monitoring and quantitative analysis that could have identified the massive transfers CL0P was making.

“Very sophomoric-level vulnerabilities found within MOVEit software led to this whole demise,” said Holden.

Read the article at SDX Central.