- FBI Foils Qakbot Malware - September 13, 2023
- MOVEit: 2023’s Big Hack - September 13, 2023
- “HiatusRAT” Malware Resurfaces, Targets US Military and Taiwanese Entities - September 12, 2023
According to cybersecurity company Emsisoft, the MOVEit Transfer software vulnerability has quickly grown into a significant hack of 2023 with over 1,000 identified victims. This makes the breach one of the most important recent events as well as a notable event this year.
When Progress revealed a zero-day vulnerability in MOVEit Transfer, which is used by several international organizations for secure data transmission, the incident became public in May. Attackers, notably the Clop ransomware organization, were given access due to this vulnerability, allowing for the theft of private information.
As a result of Clop’s assaults and promises to release data unless ransoms are paid, the number of victims, people affected, and expenses are rising.
MOVEit Breach Unveiled: 60M Victims, $100M Potential, and Urgent Cybersecurity Needs
- Emsisoft’s statistics from breach notices and disclosures, as of August 25, showed that there were over 60 million impacted people.
- 83.9% of victims are situated in the United States, followed by Germany (3.6%), Canada (2.6%), and the United Kingdom (2.1%).
- The greatest casualty was a US government services firm named Maximus, which reported 11 million impacted people. The Pôle emploi program of the French government is the next, potentially affecting 10 million people.
- A third of the MOVEit servers that were at risk were connected to financial services.
- Based on IBM statistics, the estimated cost of the breach is $9.9 billion, but considering unreported amounts, it may really be closer to $65 billion.
- Researchers think Clop may have been aware of the exploit as early as 2021.
- A $10 million reward is being offered by the US State Department for information on Clop.
- Coveware estimates that Clop might make up to $100 million from the campaign.
On its Dark Web site, Clop asserts it does not have access to any government information and only has commercial motivations.
The MOVEit hack highlights the dynamic nature of the threat environment and the demand for stronger cybersecurity solutions. The sudden increase in casualties and expenses emphasizes how urgent it is to develop strong defenses against these dangers.