Sixty-two clients of Ernst & Young have been identified as victims of the Clop ransomware group’s supply chain attack on the MOVEit file transfer software. The cyberattack resulted in the leak of 3 terabytes of critical information, including financial reports, accounting documents, passport scans, and Visa scans.
Most of the affected organizations are from Canada, with companies such as Air Canada, Altus, and Staples Canada among the victims. The attack, which targeted a vulnerability in MOVEit, was discovered after Clop began exploiting the flaw in late May. Security experts have emphasized the importance of monitoring the data breach ecosystem and implementing robust security measures to mitigate such attacks.
The breach has affected a total of 150 organizations and compromised the personal data of over 16 million individuals. Ian Thornton-Trump, CISO at Cyjax, highlighted that the success of Clop’s unauthorized access to organizations’ data goes beyond exploiting the MoveIT service/appliance.
He stressed the need for active monitoring of data breaches and potential exposure resulting from supply chain partner compromises. The outdated software used by many firms, which is often part of established business processes, is not equipped to withstand the rapid exploit development capabilities of threat actors like Clop.
The discovery of the zero-day vulnerability in the MOVEit Transfer application has exposed additional security flaws, including critical SQL injection vulnerabilities. Progress Software, the developer of MOVEit, reported a critically rated bug (CVE-2023-36934) that allows remote attackers to bypass authentication and execute arbitrary code.
This vulnerability shares similarities with a previously exploited flaw (CVE-2023-34362) used by Clop to exfiltrate data from victim organizations. The importance of implementing robust security measures, such as web application firewalls and access controls, has been emphasized to prevent exploitation of vulnerable services.