Proactive Cybersecurity and Vulnerability Management: Learning from the MOVEit Compromise

In today’s fast-moving digital world, the importance of proactive cybersecurity and vulnerability management cannot be overstated. A recent incident that underscores this need is the MOVEit compromise, a sophisticated breach perpetrated against a data transfer software tool that has captured headlines for several months.

During a recent live webinar, Rick Mutzel, Security & Compliance Officer at Omega Systems, delved into the details of the MOVEit compromise, reviewing the severity of its impact and highlighting the significance of a multi-layered security program to mitigate and manage complex vulnerabilities and cybersecurity threats.

The MOVEit Compromise: A Brief Overview

The cybersecurity community has been abuzz with the recent compromise of Progress MOVEit, a managed file transfer application designed to allow businesses to share large amounts of (often sensitive) data, such as social security numbers, medical records, and pension information. This breach has exposed the data of over 60 million victims and over two thousand organizations thus far, with a notable concentration in the United States, particularly within the financial services sector.

The compromise unfolded over several months, starting in late May 2023, when threat actors hacked MOVEit via a zero-day SQL injection vulnerability. (As their name suggests, zero-day vulnerabilities are security flaws exploited by cybercriminals before software vendors can provide a fix – leaving them with “zero days” to respond.) Progress Software, the parent company of MOVEit, disclosed the vulnerability a few days later. Less than two weeks after the initial incident, Russia’s “Cl0p” gang claimed responsibility for the breach and set a date for victims to negotiate ransom payments.

As the compromise continued, additional vulnerabilities in the platform were identified and subsequently addressed through multiple patches released by Progress.

Understanding the Severity of the MOVEit Compromise

The breach had a profound impact on various sectors, with financial services being hit the hardest. An estimated 80-90% of victims were organizations in the United States, and more than 30% of these were within the financial services sector. Healthcare, information technology, government, and military sectors were also hit, underscoring the broad reach of the slow-moving disaster.

To make matters worse, the compromise revealed high levels of risk posed by third-party vendors, with about 60% of victims being indirectly impacted through the use of MOVEit bundled with other applications. Moreover, the number of victims and compromised Personal Identifiable Information (PII) records steadily increased over the last several months, demonstrating the dragging nature of the breach and emphasizing the need for more robust cybersecurity practices across various industries and company sizes.

Lessons Learned and Proactive Security Measures

Even the most robust cybersecurity prevention programs are not fool-proof, and threat actors have demonstrated a continued drive to exploit system vulnerabilities for economic gain. But that doesn’t negate the need for strong cyber protections and security investments to protect against evolving ransomware threats and zero-day vulnerabilities.

As the MOVEit compromise has shown us, there are several necessary security layers to include within a business’s cyber threat prevention program:

• Vendor Risk Management: Before entering into a new partnership (and on a recurring basis), thoroughly vet third-party vendors to ensure they meet your compliance standards and security protocols. Maintain a proactive vendor risk management strategy throughout the partnership to minimize risks associated with third-party applications. If you’re not sure where to start, we’ve gathered 40 critical information security questions you should ask vendors and service providers.
• Vulnerability Management: Adopt a proactive vulnerability management strategy, including routine vulnerability scans, both internally and externally. Regular vulnerability and risk assessments examine your entire attack surface – from workstations, mobile devices and servers to databases, firewalls, and beyond – and help ensure your security controls remain effective against vulnerabilities.

• Data and Access Management: Implement robust controls to identify where data resides and who has access to it. Maintain a clear understanding of your data landscape, enabling swift action in the event of a breach. When data is compromised – time is of the essence.
• Employee Awareness and Training: Conduct regular employee training to enhance cybersecurity awareness. Employees should be educated on identifying and responding to potential threats, both existing and emerging, curbing the risk of human error.
• Frequent Security Updates: Establish a patch management strategy that allows for immediate approval and deployment of security updates, especially for critical third-party applications. Prompt patching minimizes exposure to known vulnerabilities.