Briefings From DataGuard: CL0P Ransomware Gang Exploits MOVEit Vulnerability

The joint Comprehensive Security Advisory (CSA) issued by the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) provides important information regarding the CL0P ransomware.

The CL0P Ransomware Gang initiated a series of attacks starting on May 27, 2023. A vulnerability involving SQL injection has been discovered in the web application of MOVEit Transfer, which could enable an attacker without authentication to access the database associated with MOVEit Transfer illicitly. The severity of the breach may vary depending on the specific database engine being utilized, such as MySQL, Microsoft SQL Server, or Azure SQL. In some instances, the attacker might be able to deduce details regarding the database’s structure and contents, as well as execute SQL statements capable of modifying or deleting elements within the database.

MOVEit Transfer is a commonly utilized software for transferring files securely, employing encryption techniques and reliable File Transfer Protocols to facilitate data transfer. It has gained significant popularity among various sectors, including healthcare, education, the US federal and state government, and financial institutions, resulting in a substantial user base in these industries.

To minimize the chances of falling victim to CL0P ransomware or similar ransomware incidents, DataGuard security experts encourage your business or IT support to take the following actions.
• Watch network ports and protocols, changing security configurations on network infrastructure devices like firewalls and routers.
• Provide administrative privileges and access only when required, and implement a list of approved software that allows only legitimate applications.
• Create a record of all assets and data, distinguishing between authorized and unauthorized devices and software.
• Frequently apply patches and updates to software and applications, ensuring they are up to date with the latest versions, and perform regular assessments to identify vulnerabilities.

Mike Reece, DataGuard Chief Executive Officer

DataGuard is an MSSP firm headquartered in Chicago, Illinois, with offices in Indianapolis, Atlanta, and other strategic locations across the globe. The company is a one-of-a-kind business partner whose people, processes, and technology provide invincible cyber security for a price point that pays for itself. (317) 967-6767

Christopher Zvirbulis
Chief Commercial Officer, Partner