Cyber Security News Roundup – 19th June 2023

It's a new week, and that means a round up of some of the cyber security and data protection news headlines over the last 7 days! To learn more about each story, click the headings.

Clop ransomware gang starts extorting MOVEit data-theft victims

15/6

Following their exploitation of zero-day vulnerability CVE-2023-34362 on the MOVEit secure file transfer service, Clop has now begun to extort the numerous victims. Earlier reports suggested that Clop would take their time to start the extortion process, but company names have just now started being listed on Clop’s leaks site – a tactic frequently used before the publication of stolen data. Clop claim to have breached “hundreds of companies”, and state that if ransom demands are not met stolen data will be published on the 21^st of June. On the 14th of June, Clop listed 13 companies on their extortion site, including Shell, UnitedHealthcare Student Resources, and the University of Georgia. A listing for Greenfield CA has since been removed, indicating either a mistake, or that ransom negotiations are taking place. Despite making large financial demands, reports suggest that Clop were largely unsuccessful in their GoAnywhere extortion attempts, as companies preferred to disclose their data breaches instead of paying ransoms. (Bleeping Computer)

MOVEit Transfer customers warned of new flaw as PoC info surfaces

15/6

Progress, the parent company of the MOVEit file transfer service, have warned customers to restrict all HTTP access to their environments after information on a new SQL injection flaw – CVE-2023-35708 – was shared online. Security patches have now been released to address the “critical vulnerability”, however until the vulnerabilities are patched Progress recommends that users modify firewall rules to deny HTTP and HTTPs traffic to MOVEit Transfer on ports 80 and 443. (Bleeping Computer)

Shell confirms impact of Clop ransomware attack on MOVEit file transfer tool

16/6

British Multinational oil and gas giant Shell has confirmed that it has fallen victim to the Clop ransomware attacks targeting the MOVEit file transfer service – the second time since 2021 that they have been targeted by Clop through a file transfer service. A Shell spokesperson stated that there was no evidence of impact on Shell's core IT systems, their IT teams were actively investigating the incident, and that Shell was not engaging in communication with the hackers. Shell are now collaborating with the cyber security team and relevant authorities, as well as contacting affected individuals to address any risk following the incident. (International Business Times)

US Government offers $10 million bounty for Clop Ransomware information

16/6

The US State Department’s Rewards for Justice program (RFJ) has announced a reward of up to $10 million for any information connecting the recent Clop ransomware attacks to a foreign government. Reports suggest that a number of federal US agencies, including the Department of Energy, have been compromised as a result of Clop’s recent attacks, despite a spokesman for the ransomware group publicly stating that their operation is financially, and not politically, driven – the group also denies holding any government or military data. (Proactive Investors)

Reddit hackers threaten to leak data stolen in February breach

18/6

Following Reddit’s February confirmation that they had been affected by a cyber-attack, the BlackCat ransomware operation has now taken responsibility, claiming to have stolen over 80gb of data. The criminal group – also behind the attack on Western Digital that caused widespread disruption to their My Cloud service – gained access when an employee fell for a phishing attack, which provided access to Reddit’s internal systems, documents, source code, employee data, and limited advertiser data. Despite being a ransomware group, in this attack BlackCat did not actually encrypt any of Reddit’s devices. After contacting Reddit twice, on the 13^th of April and 16^th of June, with ransom demands of $4.5 million and not receiving a response, BlackCat now intend to release the full set of stolen data to the public. (Bleeping Computer)

Attempted cyber attacks occur every second, and as we can see from the recent headlines, constantly change in nature. It's vital that your organisation is as protected as possible from all forms of cyber crime, so Contact Celerity to find out how we could protect your business!