In recent weeks the United States government, along with a long list of other organizations, has been hit by intrusions attributed to threat actors operating out of Russia and China. It is far from alone: universities, global corporations, and the ministries of foreign governments have also been compromised. Incidents like these recur regularly, but the breadth of this wave and the sensitivity of the data involved make it worth a closer look and a prompt response.
Millions of Americans’ Personal Data Exposed in Global Hack
The latest disclosed breach has impacted 3.5 million Oregonians with driver’s licenses or state ID cards and a similar population in Louisiana, although a precise number for the latter has not been provided. Federal officials have linked this hack to a broader hacking campaign attributed to a Russian ransomware gang.
Johns Hopkins University in Baltimore and the university’s renowned health system said in a statement this week that “sensitive personal and financial information,” including health billing records may have been stolen in the hack.
Meanwhile, Georgia’s state-wide university system – which spans the 40,000-student University of Georgia along with over a dozen other state colleges and universities – confirmed it was investigating the “scope and severity” of the hack.
CLOP last week claimed credit for some of the hacks, which have also affected employees of the BBC, British Airways, oil giant Shell, and state governments in Minnesota and Illinois, among others.
The Russian group was the first to exploit the MOVEit vulnerability, but experts warn that other groups may now have access to working exploit code and could run their own campaigns against unpatched servers.
MOVEit
The group behind these breaches is the Clop ransomware gang (also written CLOP or Cl0p), a Russia-linked actor exploiting a vulnerability in MOVEit Transfer, the widely used managed file transfer product from Progress Software. The initial flaw, CVE-2023-34362, is a SQL injection that an unauthenticated attacker can reach over the web interface; chained further, it lets the attacker run code on the server, drop a web shell, and pull data out of the MOVEit database and file store. Clop has used it for mass data theft and extortion rather than for encrypting victims, and claims to have compromised more than 200 organizations so far. Progress has published several advisories since the end of May, with the most recent patch released on June 15. All three CVEs issued to date are SQL injection bugs in MOVEit Transfer:
- CVE-2023-35708 (June 15, 2023): a further SQL injection disclosed after the exploited bug was patched, prompting Progress to ask customers to block HTTP and HTTPS to MOVEit Transfer until the fix was available
- CVE-2023-35036 (June 9, 2023): additional SQL injection vulnerabilities found in the code review that followed the initial incident
- CVE-2023-34362 (May 31, 2023): the SQL injection exploited in the wild by Clop before a patch existed
June 15, 2023, Update: MOVEit Cloud has been patched and fully restored across all cloud clusters. See the MOVEit Cloud Status Page for updates. We are currently rolling out patches for MOVEit Transfer. Please monitor the June 15 MOVEit Transfer Knowledge Base Article for updates. This latest patch was released to address a newly identified vulnerability. We took HTTPS traffic down for MOVEit Cloud in light of the newly published vulnerability and asked all MOVEit Transfer customers to take down their HTTP and HTTPS traffic to safeguard their environments while a patch was created and tested.
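Patching closes the hole, but it does not tell you whether you were hit before the patch landed. The script below is an added example (it is not from the original page, from Progress, or from any vendor advisory) showing the kind of triage a MOVEit Transfer administrator can run over the server's IIS W3C logs. It flags two publicly documented indicators of the CVE-2023-34362 campaign: requests to the human2.aspx web shell that Clop dropped into the MOVEit web root (Mandiant's LEMURLOOT), and a single client touching all four endpoints of the public exploit chain (/moveitisapi/moveitisapi.dll, /guestaccess.aspx, /api/v1/token, /api/v1/folders) within a short window. The log lines are constructed for the example, the field order is an assumption that must be matched against the #Fields header of your own logs, and the ten-minute window is an arbitrary choice.

```python
"""Triage IIS W3C logs from a MOVEit Transfer server for CVE-2023-34362
exploitation indicators.  Added example; sample log lines are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import PurePosixPath

# Assumed field order; check it against the "#Fields:" line in your own logs.
FIELDS = ["date", "time", "s-ip", "cs-method", "cs-uri-stem", "cs-uri-query",
          "s-port", "cs-username", "c-ip", "cs(User-Agent)", "cs(Referer)",
          "sc-status", "sc-substatus", "sc-win32-status", "time-taken"]

# Filename of the LEMURLOOT web shell (public IOC). The legitimate MOVEit
# page is human.aspx; the shell was named to blend in next to it.
WEBSHELL_NAMES = {"human2.aspx"}

# Endpoints used by the public exploit chain. Each is also used legitimately
# (API clients, guest links), so the signal is one client hitting all four.
CHAIN_ENDPOINTS = ("/moveitisapi/moveitisapi.dll", "/guestaccess.aspx",
                   "/api/v1/token", "/api/v1/folders")

# Constructed sample: one attacker walking the chain, one normal API user.
SAMPLE_LOG = """\
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2023-05-28 01:02:03 10.0.0.5 POST /moveitisapi/moveitisapi.dll action=m2 443 - 198.51.100.7 Mozilla/5.0 - 200 0 0 12
2023-05-28 01:02:04 10.0.0.5 POST /guestaccess.aspx - 443 - 198.51.100.7 Mozilla/5.0 - 200 0 0 20
2023-05-28 01:02:05 10.0.0.5 POST /api/v1/token - 443 - 198.51.100.7 Mozilla/5.0 - 200 0 0 9
2023-05-28 01:02:06 10.0.0.5 GET /api/v1/folders/123456789/files - 443 - 198.51.100.7 Mozilla/5.0 - 200 0 0 31
2023-05-28 01:02:09 10.0.0.5 POST /human2.aspx - 443 - 198.51.100.7 Mozilla/5.0 - 200 0 0 15
2023-05-28 09:15:00 10.0.0.5 GET /human.aspx - 443 jdoe 203.0.113.9 Mozilla/5.0 - 200 0 0 40
2023-05-28 09:15:30 10.0.0.5 POST /api/v1/token - 443 - 203.0.113.9 python-requests/2.31 - 200 0 0 8
"""


def parse_line(line):
    """Turn one W3C log line into a dict; None for comments, blanks, or
    lines whose field count does not match FIELDS."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    rec["ts"] = datetime.strptime(f'{rec["date"]} {rec["time"]}', "%Y-%m-%d %H:%M:%S")
    rec["stem"] = rec["cs-uri-stem"].lower()
    return rec


def scan(lines, window=timedelta(minutes=10)):
    """Return a list of findings: any hit on the web shell filename, plus one
    'exploit-chain' finding per client IP that covers every CHAIN_ENDPOINTS
    prefix inside a sliding time window."""
    findings = []
    by_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if PurePosixPath(rec["stem"]).name in WEBSHELL_NAMES:
            findings.append({"ip": rec["c-ip"], "ts": rec["ts"],
                             "reason": "webshell", "uri": rec["cs-uri-stem"]})
        by_ip[rec["c-ip"]].append(rec)

    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["ts"])
        for i, start in enumerate(recs):
            seen = set()
            for r in recs[i:]:
                if r["ts"] - start["ts"] > window:
                    break
                seen.update(ep for ep in CHAIN_ENDPOINTS if r["stem"].startswith(ep))
            if len(seen) == len(CHAIN_ENDPOINTS):
                findings.append({"ip": ip, "ts": start["ts"],
                                 "reason": "exploit-chain", "uri": None})
                break  # one finding per IP is enough to trigger triage
    return findings


def scan_text(text):
    """Convenience wrapper: scan a whole log file held in memory."""
    return scan(text.splitlines())


if __name__ == "__main__":
    for f in scan_text(SAMPLE_LOG):
        print(f'{f["ts"]}  {f["ip"]:<15}  {f["reason"]:<13}  {f["uri"] or ""}')
```

Point it at your real logs with `scan(open(path, encoding="utf-8"))`. A web shell hit is a confirmed compromise and should move you straight to incident response; an exploit-chain hit from an IP that is not one of your known integration hosts is a strong lead that needs log review around that timestamp, a look at the web root for unexpected .aspx files, and a check of MOVEit user accounts for ones you did not create.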
Mandiant says China-backed hackers exploited Barracuda zero-day to spy on governments
Security researchers at Mandiant say China-backed hackers are likely behind the mass exploitation of a recently discovered flaw (CVE-2023-2868) in Barracuda Networks' Email Security Gateway appliances, which prompted Barracuda to warn customers to remove and replace affected devices. The appliance is typically deployed on-premises at the network edge, where it sees all inbound mail. Mandiant estimates that around 5% of these devices have been compromised. Because the attackers maintained persistence on the appliances, Barracuda is telling customers to isolate and replace compromised units rather than rely on the patch alone, and to rotate any credentials the appliance held. New vulnerabilities like these surface constantly, which is why inventorying edge devices and reacting quickly to vendor advisories matters so much.
Implications and Mitigations
The scale of these breaches raises concerns for anyone whose data was held by a compromised organization. If you have an account with any of the affected entities, change your password now, and enable multi-factor authentication wherever it is offered. Keep in mind that much of the stolen data (names, dates of birth, driver's license and ID numbers, billing records) is not protected by a password change at all, so treat it as exposed: watch for phishing that references it, and consider a credit freeze or fraud alert if identity documents were involved. It's also imperative to avoid reusing passwords across platforms; a password manager such as Bitwarden, an open-source solution with a free tier, makes that practical. By staying informed, maintaining sound security practices, and using the tools available, individuals can reduce their exposure. For sysadmins it goes without saying: monitor the June 15 MOVEit Transfer Knowledge Base Article, apply each patch as it ships, keep HTTP and HTTPS to MOVEit Transfer blocked until you have, and then check for signs you were hit before patching, such as unexpected .aspx files in the web root, user accounts you did not create, and unusual download volume in the logs. Remain vigilant within your scope.
Final Thoughts
As the hacks continue to unfold, the true scope of the damage and the number of individuals affected remain uncertain. What is clear is that this sustained campaign underscores the need for stronger security practices among organizations and individuals alike. Given how frequently such incidents occur, a proactive approach that reduces exposed attack surface and limits the data available to steal is the only sensible posture.
It is highly probable that we have only begun to uncover the depth of this situation. Although Clop is notorious for demanding multimillion-dollar ransoms, as far as is publicly known it has not yet made any demands of the US government, the affected state governments, or the other known victims.
Ciao for now, stay informed and stay secure!