Clop Ransomware, New Credential-Stealing Malware, Prioritizing Cybersecurity
In this episode of GRXcerpts, get updates on:
- Clop Ransomware and GoAnywhere MFT Vulnerabilities
- New Credential-Stealing Malware
- Executive Cybersecurity Concerns
Clop Ransomware - GoAnywhere MFT Server Vulnerability
Topping our news is an update on the Clop ransomware gang, which claims to be behind recent attacks that exploited a zero-day vulnerability in the GoAnywhere MFT secure file transfer tool. Clop says they have stolen data from over 130 organizations by breaching vulnerable servers with unpatched GoAnywhere MFT instances. The gang claims they can move laterally through their victims’ networks and deploy ransomware payloads to encrypt their systems, but so far has only stolen documents stored on the compromised GoAnywhere MFT servers. GoAnywhere’s developer, Fortra, disclosed to customers that the vulnerability was being exploited as a zero-day in the wild and issued an emergency security update followed by another update, only to discover that an unauthorized party had accessed the systems via a previously unknown exploit and created unauthorized user accounts. In a precautionary move, Fortra implemented a temporary service outage and is restoring service on a customer-by-customer basis, as mitigation is applied and verified within each environment.
Clop has been one of the most active ransomware groups over the past several years, targeting private and public organizations globally, in sectors such as aerospace, energy, education, finance, high-tech, healthcare, manufacturing, telecommunications, and transportation. Additionally, Clop is believed to be behind at least one of the recent attacks on telecommunications companies, targeting a third-party vendor’s unsecured cloud storage and gaining access to 37 million AT&T client records.
Similarly, the Health Sector Cybersecurity Coordination Center (HC3) has issued a warning to healthcare and public health organizations, stating the Clop ransomware gang is highly capable, well-funded, and prolific, and is considered to pose a significant threat to the HPH sector.
New Credential-Stealing Malware
Apple iOS Update
Apple released a new version of the operating system for iPhones and iPads after becoming aware that hackers were using a vulnerability to hack Apple devices. This latest bug was in WebKit, Apple’s browser engine that’s used in Safari, and a historically popular target for hackers since it can open up access to the rest of the device’s data. According to Apple, the chances that an average iPhone user will be targeted with a zero-day are slim, but the company notes you should still update your phone.
Executives Prioritizing Cybersecurity
And finally, with the surge in cybercrime and more sophisticated attacks, cybersecurity and business interruption are now considered top corporate risks, according to research from the Allianz Group. In fact, data security is a priority issue at most senior levels within US organizations, with executives concerned about a range of potential incidents, from ransomware to data breaches to supply chain disruptions, not to mention the costs associated with a breach. IBM data shows the average cost of a data breach hit a record $4.35 million in 2022 and is expected to surpass $5 million this year. The report also shows organizations that have an incident response plan and test it regularly can lower their breach costs, saving as much as $2.6 million. Or in other words, proper preparation just makes good financial sense.
All information is current as of February 14, 2023.