June 19, 2023

U.S. government offers $10M reward for info linking Cl0p to foreign government

Source: CyberNews

Summary

The U.S. Government Rewards for Justice program recently announced a reward of $10,000,000 for information that links the Cl0p ransomware gang to a foreign government.

The Cl0p gang, believed to be Russia-based, recently released a list of high-profile victims it says it exploited via vulnerabilities in MOVEit Transfer, a software product used for securely storing and transferring sensitive data. Its victims were mainly located in the U.S., with others in Europe and Canada.

Analysis

It's not every day that a government puts up a bounty for cybercrime groups, and this demonstrates the severity of the situation. Given that Cl0p has primarily targeted U.S. entities and successfully stolen large amounts of sensitive information, issuing this reward was a logical next step for the U.S. government. 

Although Cl0p claims to permanently delete any stolen information if a ransom is paid, it’s unlikely the group would turn down the opportunity to sell this data to interested parties. Additionally, the Russian Federal Security Service (FSB) has been known to allow cybercrime groups to operate freely in Russia in exchange for access to the information the groups acquire.

Obtaining information linking Cl0p to a foreign government allows the U.S. government to pursue additional diplomatic measures to help counter the threat.

In general, secure data transfer services, such as MOVEit, will remain popular targets for exploitation, given the nature of the data they secure and the desirable list of organizations using them. Including MOVEit Transfer, four of the 10 most popular secure file transfer services have already been breached by threat actors, suggesting this pattern is likely to continue.

Mitigation

Field Effect’s elite team of Security Intelligence professionals constantly monitors the cyber threat landscape for vulnerabilities in software such as MOVEit Transfer. This research contributes to the timely deployment of signatures into Covalence to detect and mitigate threat activity. Covalence users are automatically notified when vulnerable software, such as MOVEit Transfer, is detected in their environment.

Field Effect recommends that organizations apply the appropriate mitigation measures and patch any affected versions of MOVEit Transfer as soon as possible according to the instructions issued by Progress. In the meantime, Progress urges its users to disable HTTP and HTTPS traffic to MOVEit Transfer environments.

If your organization uses any secure data transfer service, ensure proper mitigations are in place to detect unauthorized access, misconfigurations, and data theft before a vulnerability is officially announced.
