[Security News] Massive MOVEit Hack Impacts Over 130 Organizations and 15 Million People


June 2023


1. Massive MOVEit hack impacts over 130 organizations and 15 million people

MOVEit, a managed file transfer product used by organizations worldwide to securely transfer data, was hacked by the Russian-speaking Clop ransomware gang, which exploited a SQL injection zero-day vulnerability (CVE-2023-34362) to obtain access to data transferred via MOVEit, impacting hundreds of organizations that used the platform.

The intrusion can be traced back to May, but investigations show that hackers may have begun testing the vulnerability as early as 2021. Clop ransomware claimed to have stolen data from hundreds of organizations, and gave all victims until June 14 to reach out for ransom negotiations. By the end of June, over 130 organizations and government bodies were confirmed to be impacted, affecting at least 15 million individuals. Some of these confirmed victims include Shell, Siemens Energy, Schneider Electric, Sony, Cognizant, EY, PwC, AbbVie, and UCLA.

The attack caused ripple effects across multiple industries. For instance, data stolen from Zellis, a UK-based payroll company, further exposed employee data from the BBC, British Airlines, and Aer Lingus. Large numbers of individuals were also affected – files stolen from the Minnesota Education Department included personal and locational data of 95,000 students placed in foster care.

This is another example of how a single web vulnerability can lead to widespread consequences. As such, a next-gen web application and API protection (WAAP) solution like WAPPLES is crucial to effectively protect against zero-day web vulnerabilities like SQL injection.

Sources: SecurityWeek, SC Media, TechCrunch, BankInfoSecurity


2. American Airlines and Southwest Airlines disclose data breach impacting pilots

American Airlines and Southwest Airlines, two of the four largest airlines in North America, disclosed a data breach on June 23. The breach was said to be the result of a cyberattack at a third-party vendor that manages pilot recruitment portals for a number of airlines.

The third-party vendor, Pilot Credentials, informed both airlines about the attack on May 3, stating that an unauthorized attacker gained access to its systems on April 30, stealing documents submitted by pilots during the recruitment process.

American Airlines confirmed that the breach affected 5,745 pilots and pilot candidates, whereas Southwest confirmed 3,009. Some of the exposed information included names, dates of birth, Social Security Numbers, passport numbers, driver’s licence numbers, and Airman Certificate numbers.

Both airlines stated that they have switched away from the vendor and now use their own systems for recruitment. 

Sources: Bleeping Computer, CSO Online


3. European Investment Bank attacked by Killnet hacktivist group

Luxembourg-based European Investment Bank (EIB) confirmed on June 19 that a cyberattack targeting the company’s systems had taken down its website and services. Serving as the development bank for the European Union, the institution provides loans and financial services to small and medium-sized enterprises.

Pro-Russian hacktivist group Killnet claimed responsibility for the attack on Telegram. The EIB’s main website was brought offline, while the website for the European Investment Fund (EIF) suffered major service interruptions. Killnet further claimed that it would begin to target international bank transfer systems IBAN, SWIFT, SEPA, WIRE, and WISE.

The attack occurred at a time when a number of threats against European financial institutions were made by pro-Russian hackers. It is likely that more European banks will be targeted.

Sources: Cybernews, Cybersecurity Insiders

