MOVEit Hack - Lessons to be learned

As you may or may not have heard a major data breach occurred with MOVEit who provides a service to allow organisations to store and share files internally or with external resources.

On the 31st of May 2023 MOVEit’s developers disclosed that a breach had occurred through a vulnerability within their systems.

After infiltration of the MOVEit systems the attackers installed a webshell which allowed them to escalate privileges which permitted lateral movement across the MOVEit systems.

This attack was most likely in the planning for some time, we estimate that the attackers CI0p could have been testing the exploit as far back as 2021.

MOVEit has thousands of organisations as users and over 3.5 million developers so the overall impact of this attack is global and widespread.

So what lessons can we draw from this?

1.???No one is safe from attack even those organisations that think they are safe are often proven not to be, don’t forget the Kaseya attack from a while back and others since then. These are larger attacks so they hit the news but there are thousands that don’t see the light of day but just as drastic for those involved.

2.???Are we all at risk – Yes, I think we are, I don’t want to sound alarmist but such events as MOVEit must be a reminder to all of us that are responsible for cyber security that we need to be ever more diligent.

3.???Its sometimes the simple things like patch management which is such a basic function nowadays that catches us out. Every organisation should be performing patch management its not complicated and there are tools out there that more or less will do it for you. If you have an MSP provider, they should most certainly be doing that for you and if they are not “Replace Them”.

4.???Good strong passwords are a must and ensuring that your password reset function is not prone to a vulnerability.

5.???MFA (Multi Factor Authentication) I know most of us hate authenticator apps and enter this and that code but it is for a good reason…..it could save your business.

6.???Are you conducting regular security audits, I bang on about this to all our clients it is one of the best ways to ensure your environment is safe. Think its to expensive! Well compare it to being breached, losing client data, getting sued and losing credibility….still to expensive I think not eh!.

Cyber-attacks are getting more complex because as technology advances and becomes more sophisticated, so do the methods used by cyber criminals to exploit vulnerabilities. AI is already playing a huge part in new tactics by cyber criminals.

Additionally, cyber criminals are constantly developing new and innovative ways to bypass security measures and gain access to sensitive information.

This means that businesses and organisations must also continually adapt and improve their security measures to stay ahead of these threats.

Furthermore, the increasing amount of data being generated and stored online provides more targets for cyber criminals, making it easier for them to identify and exploit weaknesses in the system.

I'd be happy to provide free advice to anyone who needs it on data protection so drop me a message and we can arrange a call.

Have a great weekend.

The ??