If you thought major ransomware attacks were a thing of the past, after the Colonial Pipeline hit - think again. A sprawling, global cyber attack recently hit US federal and state government as well as international, private targets, thanks to a flaw in a popular file-transfer software.
What went wrong, and what can you do to protect your information assets?
The latest cyberattack has a global reach
Indeed, on June 15, Russian cybercriminals struck businesses, universities, and, of course, government agencies, in what’s now become a familiar pattern of wide-ranging cyber war.
Commenting immediately after the hit, Cybersecurity and Infrastructure Security Agency (CISA) officials in the U.S. noted that a number of federal agencies had “experienced intrusions,” and it was likely businesses had, as well.
State government officials, for their part, announced that millions of people in Louisiana and Oregon had had their data compromised.
The states might not have pointed fingers, but federal officials believe the attacks were part of a broader hacking campaign, one perpetrated by the notorious Russian ransomware gang Clop and exploiting the same software vulnerability in each case.
Nor were Louisiana and Oregon the only states targeted in the U.S.: state governments in Minnesota and Illinois were also investigating potential intrusions.
The assets compromised in Oregon seemed to be more significant, though. There, state agencies reported that 3.5 million residents with driver’s licenses or state ID cards had been affected.
The attack hit private companies
The business community hasn’t been spared by the Clop gang either, which, according to CNN reporting, claimed credit for a prior hit on the BBC and British Airways.
The gang might also have hit high-profile academic targets. Johns Hopkins University has reported that sensitive personal and financial information, including health billing records, may have been stolen.
Likewise, Georgia’s entire state-wide university system was investigating the “scope and severity” of the hack.
What vulnerability was exploited?
So, what happened in this latest hack? According to Tech Radar, Clop targeted a vulnerability in the widely used MOVEit file transfer software, then proceeded to steal data from underlying databases.
For its part, the software maker, Progress Software, acknowledged the new vulnerability and allegedly warned customers for weeks, going so far as to release a security advisory in early June about the risk of unauthorized access to systems.
Now, the U.S. Government is offering its own bounty of USD 10 million for information linking the ransomware gang, or any other malicious cyber actors targeting U.S. critical infrastructure, to a foreign government, inclusive of any “information leading to the identification or location of any person who, while acting at the direction or under the control of a foreign government, participates in malicious cyber activities against US critical infrastructure in violation of the Computer Fraud and Abuse Act (CFAA).”
In addition, CISA and the Federal Bureau of Investigation (FBI) issued a joint Cybersecurity Advisory offering a series of protective measures to help reduce the impact of the attacks.
What’s in it? It calls on entities to:
- Take an inventory of assets and data, identifying authorized and unauthorized devices and software
- Grant admin privileges and access only when necessary, establishing a software allow list that only executes legitimate applications
- Monitor network ports, protocols, and services, activating security configurations on network infrastructure devices, such as firewalls and routers
- Regularly patch and update software and applications to their latest versions and conduct regular vulnerability assessments
Indeed, we’ve heard similar calls for enhanced cyber resilience following previous ransomware attacks. So, what else can organizations do to ensure cyber resilience? Download our Introductory Guide to Cyber Resilience to find out.