- “Ducktail” Hackers Target Facebook - September 28, 2023
- Okta Breach: Super Admin Hack - September 24, 2023
- Rackspace: $10.8M Cloud Shift - September 23, 2023
The ongoing exploitation of vulnerabilities within MOVEit Transfer software has swiftly evolved into the most significant cyberattack of the present year. Cybersecurity firm Emsisoft has revealed that over 1,000 victims have fallen victim to the MOVEit breach, marking not only the largest breach of 2023, but also one of the most substantial in recent memory.
Clop Hack: Unleashing May’s Vulnerability Avalanche
This series of events originated in May when Progress publicly disclosed a zero-day vulnerability in MOVEit Transfer, a platform utilized by numerous organizations to securely transmit sensitive data online. This vulnerability opened the door for attackers, including the Clop hacker group, to infiltrate MOVEit Transfer servers and exfiltrate customer data.
Subsequently, Clop has persisted with attacks and threats of exposing stolen data unless a ransom is paid.
Key statistics regarding the situation:
- As of August 25, Emsisoft has recorded over 60 million victims.
- The majority of victims, at 83.9%, hail from the United States, trailed by Germany (3.6%), Canada (2.6%), and the United Kingdom (2.1%).
- In July, Maximus confirmed that hackers had accessed the confidential health data of 11 million individuals.
- IBM estimates the collective financial toll of the incident to be nearly $10 billion.
- Researchers speculate that Clop might have been aware of the MOVEit vulnerability as far back as 2021.
- In a bid to gather information about Clop, the U.S. State Department is offering a $10 million reward.
- Coveware approximates that Clop could potentially amass up to $100 million from these hacks.
On its “Dark Web” platform, Clop asserts that it refrains from storing government or municipal data, asserting its pursuit is purely financially motivated.