In today’s fast-moving digital world, the importance of proactive cybersecurity and vulnerability management cannot be overstated. A recent incident that underscores this need is the MOVEit compromise, a sophisticated breach perpetrated against a data transfer software tool that has captured headlines for several months.

During a recent live webinar, Rick Mutzel, Security & Compliance Officer at Omega Systems, delved into the details of the MOVEit compromise, reviewing the severity of its impact and highlighting the significance of a multi-layered security program to mitigate and manage complex vulnerabilities and cybersecurity threats.

 

The MOVEit Compromise: A Brief Overview

The cybersecurity community has been abuzz with the recent compromise of Progress MOVEit, a managed file transfer application designed to allow businesses to share large amounts of (often sensitive) data, such as social security numbers, medical records, and pension information. This breach has exposed the data of over 60 million victims and over two thousand organizations thus far, with a notable concentration in the United States, particularly within the financial services sector.

The compromise unfolded over several months, starting in late May 2023, when threat actors hacked MOVEit via a zero-day SQL injection vulnerability. (As the name suggests, a zero-day vulnerability is a security flaw that cybercriminals exploit before the software vendor can provide a fix, leaving the vendor with “zero days” to respond.) Progress Software, the parent company of MOVEit, disclosed the vulnerability a few days later. Less than two weeks after the initial incident, Russia’s “Cl0p” gang claimed responsibility for the breach and set a date for victims to negotiate ransom payments.

As the compromise continued, additional vulnerabilities in the platform were identified and subsequently addressed through multiple patches released by Progress.

 

Understanding the Severity of the MOVEit Compromise

The breach had a profound impact on various sectors, with financial services being hit the hardest. An estimated 80-90% of victims were organizations in the United States, and more than 30% of these were within the financial services sector. Healthcare, information technology, government, and military sectors were also hit, underscoring the broad reach of the slow-moving disaster.

To make matters worse, the compromise revealed high levels of risk posed by third-party vendors, with about 60% of victims being indirectly impacted through the use of MOVEit bundled with other applications. Moreover, the number of victims and compromised Personally Identifiable Information (PII) records steadily increased over the last several months, demonstrating the protracted nature of the breach and emphasizing the need for more robust cybersecurity practices across various industries and company sizes.

 

Lessons Learned and Proactive Security Measures

Even the most robust cybersecurity prevention programs are not foolproof, and threat actors have demonstrated a continued drive to exploit system vulnerabilities for economic gain. But that doesn’t negate the need for strong cyber protections and security investments to protect against evolving ransomware threats and zero-day vulnerabilities.

As the MOVEit compromise has shown us, there are several necessary security layers to include within a business’s cyber threat prevention program:

 

  • Vendor Risk Management

Before entering into a new partnership (and on a recurring basis), thoroughly vet third-party vendors to ensure they meet your compliance standards and security protocols. Maintain a proactive vendor risk management strategy throughout the partnership to minimize risks associated with third-party applications.

 

  • Vulnerability Management

Adopt a proactive vulnerability management strategy, including routine vulnerability scans, both internally and externally. Regular vulnerability and risk assessments examine your entire attack surface – from workstations, mobile devices and servers to databases, firewalls, and beyond – and help ensure your security controls remain effective against vulnerabilities.

To gain insight into your vulnerability profile, ask your managed service provider (MSP) for a copy of your vulnerability report or contact The TNS Group today to schedule an IT risk assessment.

 

  • Data and Access Management

Implement robust controls to identify where data resides and who has access to it. Maintain a clear understanding of your data landscape, enabling swift action in the event of a breach. When data is compromised, time is of the essence.

 

  • Employee Awareness and Training

Conduct regular employee training to enhance cybersecurity awareness. Employees should be educated on identifying and responding to potential threats, both existing and emerging, curbing the risk of human error.

 

  • Frequent Security Updates

Establish a patch management strategy that allows for immediate approval and deployment of security updates, especially for critical third-party applications. Prompt patching minimizes exposure to known vulnerabilities.

 

Conclusion

The MOVEit compromise is a poignant reminder of the threat landscape organizations navigate today. As cyber threats increase in sophistication and demands from clients, insurers, regulators, and internal stakeholders grow, building or improving your security program can be challenging.

Partner with an award-winning MSP like The TNS Group to enhance your overall security posture, benefit from cost-effective solutions and stay ahead of emerging cyber risks. TNS's complete end-to-end managed security service will give you peace of mind and allow you to focus on your core operations while confidently addressing growing cybersecurity compliance requirements.

Contact our security experts at TNS today to learn more.

 

EDITOR’S NOTE: This article was originally posted by Omega Systems. The TNS Group joined the Omega Systems family in December 2022.
