The MOVEit vulnerability has led to another victim coming forward to confirm a data breach.
The Metro Vancouver Transit Police confirmed a cyber attack that exposed 186 files. The data breach has been attributed to Cl0p, a Russian cyber-extortion gang.
MOVEit impact: Metro Vancouver Transit Police data breach
A tweet from Metro Vancouver Transit Police media relations read, “Transit Police is notifying the public that a limited number of its files were accessed during a cyberattack on MOVEit, a third-party file transfer software used by the agency.”
A review was underway, the department confirmed, adding that the hackers did not steal from the Transit Police Network.
Addressing the vulnerability in the MOVEit file transfer service, the news release said, “The files were accessed due to a security vulnerability within the MOVEit software, which has since been patched and repaired.”
The Metro Vancouver Transit Police cyber attack was not expected to impact prosecutions or police investigations.
The investigation into the data breach at the Vancouver Transit Police is being conducted by the RCMP Cybercrime Investigative Team Montreal with the RCMP Cybercrime Investigative Team Vancouver.
List of vulnerabilities in MOVEit
Initially unnamed, the MOVEit vulnerability was addressed by Progress on May 31, 2023. A company tweet on May 30 urged users to safeguard their data, warning of possible data breaches.
However, the cyber attacks exploiting the MOVEit security flaw were found to have been under way since the long Memorial Day holiday in the United States of America, starting on Friday, May 27, and continuing over the weekend.
Progress has been addressing vulnerabilities in MOVEit and updating its patch notifications accordingly.
The company named and addressed the first vulnerability, CVE-2023-34362, which caused the widespread cyber attack on its global list of clients, on May 31, 2023. Following this, CVE-2023-35036 was addressed on June 9, 2023.
A third vulnerability, CVE-2023-35708, was patched on June 15, 2023.
Addressing the vulnerability, the company notice stated that MOVEit Cloud was patched and fully restored. The company took HTTPS traffic offline for MOVEit Cloud and asked its customers to do the same.
Another update on June 16 confirmed that a patch had been deployed for MOVEit Cloud, which was returning to full service.
On June 18, the notice was updated with the news that a vulnerability had been found under exploitation on June 15. The company was forced to take MOVEit Cloud offline for maintenance and defensive measures.
There have been no new updates on the Progress notice page. However, Cl0p has named nearly 63 companies it managed to breach and demand ransom from, according to a tweet by threat analyst Brett Callow.
Reward for a tip against Cl0p
As Cl0p announced that it had erased all the data pertaining to police services and government, the FBI and the Cybersecurity & Infrastructure Agency of the USA announced a $10 million reward for information about Cl0p.
The Rewards for Justice website announced a $10 million reward for anyone providing actionable information about the ransomware group, in an effort to put an end to the chaos and the series of data breach notices published by the hackers.
It was also argued that Cl0p momentarily stopped posting names of victims after June 16, after the police made the reward announcement on their various social media platforms.