Number of MOVEit victims surpasses 77 million with Avast being the latest high profile company impacted
Recent research has unveiled that a vulnerability in the MOVEit file transfer app has affected 2,620 organisations and 77.2 million individuals since May. The Russian-linked ransomware group Clop exploited this flaw, stealing data and extorting organisations. This week, millions more have been notified of potential access, leaks, or both to their information.
The United States has the most victims, with 78.1% of the impacted organisations located there. Canada follows with 14%, Germany with 1.4%, and the UK with 0.8%. The education sector is most heavily affected, constituting 40.6% of these organisations. Health sector organisations make up 19.2%, and finance and professional services account for 12.1%. These findings are based on public disclosures, SEC filings, state breach notifications, and Clop's website data.
Even Gen Digital, the parent company of Norton and Avast, fell victim to this attack. Avast acknowledged a breach involving "low-risk personal information" of three million customers.
Notably, the attack impacted not just private entities but also government organisations. Among them are the BBC, Boots Retail, Alogent, Colorado Department of Health Care Policy and Financing, Welltok, US Department of Energy, Shell Oil, British Airways, Aer Lingus, Genworth, and Estee Lauder.
Progress Software Corporation, responsible for MOVEit, is now under investigation by the US Securities and Exchange Commission (SEC). Additionally, a class action lawsuit has been initiated by Hagens Berman, a consumer rights law firm. Many affected organisations and individuals are seeking damages.
A critical patch has been released to address this vulnerability. It is imperative for organisations to implement this patch immediately to mitigate further risks.
Israeli retailers hit by cyber-attacks as conflict continues
A significant cyberattack on Signature-IT, an Israeli website hosting company, disrupted the online operations of 40 companies, primarily in e-commerce.
The National Cyber Directorate confirmed that the attack targeted Signature-IT's servers, affecting clients like Home Center, Kravitz, and notable firms such as IKEA Israel.
Over the weekend, the online stores of Home Center and Kravitz ceased functioning, with Home Center announcing a "cyber-terrorist attack" and Kravitz simply stating its website was "temporarily inactive". The Cyber Directorate clarified that the websites' shutdowns were due to the attack on Signature-IT, not the companies themselves.
The attackers also accessed mailing lists on Signature-IT's servers, using them to send hostile messages to thousands of Israelis. While no credit card information was stored on the servers, customer data such as names, phone numbers, email addresses, and purchase histories were potentially compromised, raising concerns about future phishing attacks.
The full extent of the cyber attack’s impact is yet to be disclosed, with the Israeli Cyber Directorate considering emergency regulations to address such incidents more effectively. Signature-IT's official response to the incident is still pending.
British Library confirms it was hit by Rhysida Ransomware Attack
The British Library’s significant IT outage in October was confirmed to have been a result of a cyberattack by the Rhysida ransomware gang. Currently, the group is auctioning data allegedly stolen from the national library, with bidding open for the next week. Rhysida has also released a low-resolution screenshot purportedly showing ID scans from the library's compromised system.
The FBI and CISA last week issued warnings about Rhysida's opportunistic attacks targeting various sectors, including education, healthcare, manufacturing, information technology, and government. Rhysida operates on a ransomware-as-a-service model, sharing ransom payments between the group and its affiliates.
The British Library's press office confirmed a leak of internal HR documents and advised users to reset their passwords as a precaution. However, the library has not yet discovered evidence of the attackers accessing other sensitive information.
The library acknowledged the ransomware attack, stating, "We have now confirmed that this was a ransomware attack by a group known for such criminal activity. We are aware that some data has been leaked, which appears to be from files relating to our internal HR information." The full extent of the cyber attack's impact is still being assessed.
SiegedSec Hacktivists compromise US nuclear research labs and steal data
The Idaho National Laboratory (INL), a U.S. Department of Energy nuclear research centre, has confirmed a cyberattack following the online leak of human resources data by 'SiegedSec' hacktivists. INL, employing over 5,700 specialists, is known for its expansive research in various fields, including nuclear energy, cybersecurity for control systems, advanced vehicle testing, bioenergy, and robotics.
On Monday, SiegedSec declared they had accessed INL's data, leaking details of "hundreds of thousands" of employees and system users. This leak, which includes names, birth dates, email addresses, phone numbers, Social Security Numbers, physical addresses, and employment information, was posted on hacker forums and a Telegram channel without any ransom demands or negotiations.
SiegedSec also shared screenshots as alleged proof of their breach, showing internal INL tools and the creation of a custom announcement about the breach within INL's system.
INL has not yet issued a formal statement but confirmed the breach through a spokesperson, who stated that it affected servers supporting the Oracle HCM system used for HR applications. Immediate actions were taken to protect employee data, and the incident is under federal investigation.
Although no nuclear research data was reportedly accessed or disclosed, the breach at INL, a critical part of U.S. infrastructure, is expected to draw increased law enforcement attention to the activities of SiegedSec.
