Data breaches in the United States reach an all-time peak

The Identity Theft Resource Center reports an unprecedented surge in supply-chain attacks and zero-day exploits, as demonstrated by the widespread attacks on the MOVEit file-transfer service.

In the third quarter of this year, a series of significant data breaches has been linked to the exploitation of a critical vulnerability in Progress Software's MOVEit file-transfer service. The breaches, primarily attributed to the Cl0p ransomware group, have resulted in a multi-extortion ransomware campaign impacting various sectors, including education, finance, insurance, energy, and manufacturing.

The MOVEit Transfer software was targeted through an unpatched vulnerability, allowing hackers to infiltrate organizations and conduct ransomware attacks and data theft. The breach began in the education sector and later expanded to the finance and insurance industries, highlighting the broad impact across different domains.

High-profile companies such as Siemens Energy and Schneider Electric confirmed data breaches linked to the MOVEit attacks, indicating significant exposure even in critical infrastructure and industrial sectors. The attacks combined vulnerability exploitation with unauthorized access methods such as VPN and RDP for persistence, an approach typical of advanced threat actors leveraging MOVEit's weaknesses.

The MOVEit compromise represents a notable example of the risks posed by slow patch responses and delayed breach detections, with many critical vulnerabilities remaining unpatched for over 180 days, exacerbating exposure.

While a ranked list of the "top 8" MOVEit-related compromises by name is not detailed here, the known major incidents and affected sectors in Q3 2023 include:

  1. A multi-extortion ransomware campaign by Cl0p targeting MOVEit Transfer, affecting education, finance, and insurance.
  2. Data breach at Siemens Energy via MOVEit vulnerability exploitation.
  3. Data breach at Schneider Electric linked to the MOVEit attack.
  4. Widespread attacks on organizations using MOVEit Transfer, involving unauthorized access and ransomware deployment, across multiple business sectors.

Supply-chain attacks are on the rise, accounting for 60% of the data compromises this year. Four of the top 8 data compromises in Q3 2023 were related to a MOVEit attack. Many of the compromises are due to attacks against Progress Software's MOVEit file-transfer service. The majority of these compromises are linked to attacks against 87 organizations.

ITRC's research shows more than 2,100 organizations filed data breach notices through the first nine months of 2023. The number of individuals known to be impacted this year is still lower than the 425 million people compromised in 2022, with a breach at Twitter accounting for over 221 million victims.

James Lee, COO at ITRC, states that supply-chain attacks are a significant factor in the increase in compromises this year. Zero-day attacks were reported in 86 data breach disclosures through the first nine months of 2023, compared to 5 in 2022. The combined exposure of PII due to these data breaches is over 20 million people.

Despite the high number of data breaches, Lee suggests that while there are vast troves of data available as a result of compromises and scams, individuals and collectives should not despair. He suggests stronger vendor requirements and due diligence are needed to reduce the number of supply-chain attacks. The report suggests that the trend of increased supply-chain attacks is likely to continue.

In conclusion, the MOVEit file-transfer service has been compromised multiple times in Q3 2023, primarily through exploitation of a serious security flaw by the Cl0p ransomware group, leading to widespread data breaches and ransomware attacks in multiple key industries. The trend of increased supply-chain attacks is a significant concern, and stronger measures are needed to protect against such attacks.

  1. The Q3 2023 data breaches, attributed to the Cl0p ransomware group's exploitation of a vulnerability in the MOVEit file-transfer service, resulted in a multi-extortion ransomware campaign affecting various sectors, including education, finance, and insurance.
  2. The MOVEit Transfer software's unpatched vulnerability allowed hackers to infiltrate organizations, conducting ransomware attacks and data theft across multiple sectors, with high-profile companies like Siemens Energy and Schneider Electric confirming data breaches.
  3. The trend of increased supply-chain attacks, such as the exploitation of MOVEit's weaknesses, highlights the need for stronger vendor requirements and due diligence to reduce the number of such attacks, according to James Lee, COO at ITRC.
