Data breaches, privacy violations, financial losses and a damaged reputation are things businesses never want to experience. A data breach alone can cost $4.45 million in 2023, according to IBM. That is a big price to pay. Therefore, it is crucial for organizations to identify and address data vulnerabilities to protect sensitive information and maintain data integrity and confidentiality.
But occasionally, data vulnerabilities are first seen by bad actors. Case in point is the MOVEit Transfer vulnerability.
The Cybersecurity and Infrastructure Security Agency had to release a security advisory, through Progress Software, for the MOVEit Transfer vulnerability in June. This came after Progress discovered a vulnerability in MOVEit Transfer that could lead to escalated privileges and potential unauthorized access to the environment.
For those unfamiliar with it, the MOVEit Transfer vulnerability, CVE-2023-34362, is a SQL injection vulnerability that could allow an unauthenticated attacker to access and manipulate a business's database. The vulnerability impacted all versions of the MOVEit file transfer service, including on-premises and cloud-based versions.
The vulnerability was exposed by a group called Clop. The established ransomware group carries out organized cybercrime in which hackers try to extort victims by remotely encrypting their data or by stealing files and threatening to publish them. The group’s victims include the BBC, Shell, Johns Hopkins Health Systems, British Airways, the state of Illinois and the departments of motor vehicles of Oregon and Louisiana.
Eversource has now been added to that list.
Eversource is a public utility holding company that provides electricity, natural gas and water services. They serve over 4.4 million customers in Connecticut, Massachusetts and New Hampshire.
As of August 31, around 1,400 Connecticut customers who had participated in a solar incentive program managed by an external provider named CLEAResult may have had their personal information, including Social Security numbers, exposed.
Additionally, around 1,800 accounts in an electric vehicle incentive program were also exposed, as of August 31; however, Social Security numbers were not compromised in those cases.
To help customers who may have been affected, Eversource will guide those who request it to free identity protection and credit monitoring services. There are also steps MOVEit Transfer customers are recommended to take to patch the vulnerability, if they haven’t already.
According to Progress, it is crucial to disable all HTTP and HTTPS traffic to the MOVEit Transfer environment. Specifically, firewall rules should be adjusted to block HTTP and HTTPS traffic on ports 80 and 443. During this period of traffic suspension, users will be unable to access the MOVEit Transfer web UI. MOVEit Automation tasks utilizing the native MOVEit Transfer host will not function. REST, Java and .NET APIs will be non-operational. The MOVEit Transfer add-in for Outlook will not be functional. However, SFTP and FTP/s protocols will continue to operate as usual.
As an alternative, administrators can access MOVEit Transfer by utilizing a remote desktop to access the Windows machine and then navigating to https://localhost/.
Then, they can apply the patch for supported MOVEit Transfer versions. Links to these patches will be provided accordingly. After applying the patch, individuals should remember to re-enable all HTTP and HTTPS traffic to their MOVEit Transfer environment. For ongoing security updates and the latest information, it is recommended to bookmark the Progress Security Page and regularly refer to it.
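The block, patch and re-enable sequence described above can be scripted on the MOVEit Transfer host. The following is an added example, not a script from Progress: it assumes Windows Defender Firewall is the firewall in front of the service, and the file name `moveit-web-block.ps1`, the rule group label and the display name are placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example (not Progress's script). Save as moveit-web-block.ps1 (placeholder
# name) and run on the Windows host that serves MOVEit Transfer.
param(
    [Parameter(Mandatory)]
    [ValidateSet('Suspend', 'Status', 'Resume')]
    [string]$Mode
)

$RuleGroup = 'Temp-MOVEit-Web-Block'   # hypothetical label, used to find the rule again
$WebPorts  = 80, 443                   # the ports named in the guidance above

function Get-BlockRule {
    # Returns the temporary rule if it exists, nothing otherwise.
    Get-NetFirewallRule -Group $RuleGroup -ErrorAction SilentlyContinue
}

switch ($Mode) {
    'Suspend' {
        if (Get-BlockRule) { Write-Warning 'Block rule already present.'; break }
        # A block rule takes precedence over existing allow rules for the same ports.
        New-NetFirewallRule -DisplayName 'Temp block: HTTP/HTTPS to MOVEit Transfer' `
            -Group $RuleGroup -Direction Inbound -Action Block -Protocol TCP `
            -LocalPort $WebPorts -Profile Any | Out-Null
        Write-Output 'Inbound TCP 80/443 blocked. Patch from a remote desktop session via https://localhost/.'
    }
    'Status' {
        $rule = Get-BlockRule
        if (-not $rule) { Write-Output 'No temporary block rule: web traffic is NOT suspended.'; break }
        # Report the rule together with the ports it actually covers.
        $ports = ($rule | Get-NetFirewallPortFilter).LocalPort -join ','
        [pscustomobject]@{
            Rule    = $rule.DisplayName
            Enabled = $rule.Enabled
            Action  = $rule.Action
            Ports   = $ports
        }
    }
    'Resume' {
        # Run only after the patch has been applied.
        if (-not (Get-BlockRule)) { Write-Warning 'No temporary block rule found.'; break }
        Remove-NetFirewallRule -Group $RuleGroup
        Write-Output 'Block rule removed; HTTP/HTTPS is governed by the existing allow rules again.'
    }
}
```

Run it with `-Mode Suspend` before patching, `-Mode Status` to confirm the rule is in place, and `-Mode Resume` once the patch is applied. Confirming from a second machine that ports 80 and 443 no longer answer shows the block is effective on the path users actually take.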
But yeah, this breach is another wake-up call for cybersecurity preparedness and vulnerability management. Businesses must navigate various challenges when it comes to maintaining robust cybersecurity measures in a hybrid world. And occasionally, new challenges pop up.
For businesses that want to learn about the best practices for safeguarding their business against evolving cyber threats in the hybrid work environment, technology solutions provider Apex Technology Services has teamed up with Datto, a cybersecurity provider, to host a breakfast seminar titled "Cybersecurity and Hybrid Work: How To Keep Your Business Protected" from 8:30 AM to noon EST on Wednesday, September 13, at the Datto Offices, 101 Merritt 7, in Norwalk, Connecticut. Pre-registration is required.
Attendees will have an opportunity to gain a comprehensive understanding of the latest cybersecurity threats and vulnerabilities, discover effective strategies for securing remote and hybrid work environments, learn about cutting-edge technologies and tools to enhance cyber resilience, network with industry professionals, thought leaders and peers, and hear case studies and real-world examples that illustrate the tangible impact of cybersecurity measures on their bottom line.
Confirmed presenters include James Baker, Digital Forensic and Incident Response Manager, Westport Police Department, and Adjunct Professor at Fairfield University; Suzanne Malloy Zaleski, Malloy Insurance; Michael DePalma, Vice President, North America, Datto; and Larry Szebeni, Chief Operating Officer, Apex Technology Services.
Attendees will leave the free seminar with tools and strategies to proactively address cybersecurity challenges of the hybrid work era, protecting businesses’ vital assets and reputations against threats.
Edited by Alex Passett