Estimated reading time: 1 minute, 26 seconds

How Big Was the MOVEit Hack and What Can Security Pros Learn?  

A few months after the mass exploit of a zero-day vulnerability in Progress Software’s popular MOVEit file transfer tool first surfaced over Memorial Day weekend, the hack has positioned itself as the year’s largest.

russia 1020934 640smallEmisoft and KonBriefing now put the tally of organizations affected by the attacks at more than 1,000, as Cybersecurity Dive reports. According to Emisoft, around 60 million individuals have fallen victim to the hack.

As Security Week notes, those figures include people indirectly as well as directly affected by the hacks. A hack of financial and pension research service provider Pension Benefit Information alone touched millions of individuals via several organizations, such as Seattle-based actuary and consulting firm Milliman.

Among the organizations where more than one million people may have had their information exposed were the Louisiana Office of Motor Vehicles, Colorado Department of Health Care Policy and Financing, Oregon Department of Transportation, Teachers Insurance and Annuity Association of America and Genworth.

The Russian-linked ransomware group Cl0p, which claimed responsibility for the MOVEit hack, has reportedly hoovered up an estimated $100 million for its efforts. Cl0p has also begun leaking data of victims that won’t pay its ransoms.

As Bleeping Computer reports, one lesson for cybersecurity pros is to map their software supply chain to better anticipate potential weak links that could be targets for threat actors. Improving third-party risk management and moving toward a zero-structure are other suggested takeaways, along with choosing continuous penetration testing.

As TechCrunch reports, estimates of the financial damage from the hack range from around $10 billion to $65 billion.

Class action lawsuits have already started to pile up against financial firms caught up in the exploit, including TD Ameritrade, Charles Schwab and Prudential, as Dark Reading reports

Read 1122 times
Rate this item
(0 votes)

Visit other PMG Sites:

PMG360 is committed to protecting the privacy of the personal data we collect from our subscribers/agents/customers/exhibitors and sponsors. On May 25th, the European's GDPR policy will be enforced. Nothing is changing about your current settings or how your information is processed, however, we have made a few changes. We have updated our Privacy Policy and Cookie Policy to make it easier for you to understand what information we collect, how and why we collect it.