Generic filters
Exact matches only
Search in title
Search in content
Filter by Custom Post Type
Posts
Filter by Categories







MOVEit Hack: Further Insights and Implications

Executive Summary

Last week, a report by cybersecurity firm Sophos and VPN service provider AtlastVPN revealed that education was the most targeted sector in ransomware attacks.

Educational institutions, particularly in the US, have become prime targets for cyberattacks, with 70 to 80% experiencing ransomware attacks in 2022.

The MOVEit hack, affecting nearly 900 US schools, underscores the vulnerability of educational institutions.

Sensitive student records were stolen in the MOVEit data breach, which was discovered on June 20.

National Student Clearinghouse, a network comprising 3,600 colleges/universities and 22,000 high schools, confirmed the breach.

About MOVEit

MOVEit is a managed file transfer software developed by Progress Software Corp, widely used across sectors for sharing information.

The platform offers cloud-based file transfer management software and runs in virtual environments.

Targeting Educational Institutions and Beyond

The MOVEit platform suffered a cyberattack on May 31, 2023, with Cl0p ransomware, impacting 2,053 organizations and 57,624,249 individuals as of September 22, 2023.

Over 90% of the impacted organizations were in the US.

The National Student Clearinghouse, a non-profit organization, confirmed that around 900 colleges/universities were affected by the MOVEit attack.

The breach involved the unauthorized access of sensitive student data, including names, contact details, school records, and more.

The organization took steps to enhance security, including software patching, stricter monitoring, and offering identity monitoring services for affected individuals.

The MOVEit hack has far-reaching consequences, affecting various organizations beyond educational institutions, including Norton’s parent company, Gen Digital, the US Department of Energy, Siemens Energy, Shell, and Schneider Electric.

Notable entities like the French government agency Pole Emploi, the Colorado Department of Health Care Policy and Financing, and Maximus also suffered significant data breaches.

Takeaways

For organizations that are still utilizing an exposed version of MOVEit, it is crucial to address this issue promptly, as ample time has passed for remediation.

We continue to monitor developments related to the MOVEit attack. For further updates and analysis, please refer to our earlier news articles on this topic:

RECENT BLOG POSTS

PODCASTS

Cubic Lighthouse is a cybersecurity publication dedicated to demystifying security, making news actionable, providing deeper thinking about the fundamentals of security, and providing decision-makers and the community at large with the right information to make the right decisions. We will also feature more technical articles and provide personal/family security advice.

©2024 Cubic Consulting, a Smart Security Company for your Business – All Rights Reserved.