Radisson Hotels Americas has become the latest target of a cyber attack by the CL0P ransomware group.
In a post, the hacker collective claimed the Radisson Hotels Americas Cyber Attack, stating that the company “doesn’t care about its customers” and it “ignored their security”.
Falcon Feed, a threat intelligence service, posted screenshots of the threat actor’s post, where they shared details about the company and listed it as their victim.
To gather additional details about the Radisson Hotels Americas cyber attack claimed by the CL0P ransomware group, The Cyber Express has reached out to Radisson Hotels Americas. However, as of now, the company has not responded.
Radisson Hotels Americas cyber attack confirmed
Cybernews reported that Choice Hotels International, the parent company of Radisson Hotels Americas, has confirmed that guest data from the hotel chain has indeed been compromised. The breach results from a MOVEit vulnerability exploited by the Cl0p ransomware gang.
In response to media inquiries, Choice Hotels acknowledged the impact of the MOVEit vulnerability, stating, “Unfortunately, we have confirmed that MOVEit software, from our vendor, had a vulnerability that was exploited by bad actors, resulting in data breaches affecting many of their customers, including Radisson Hotels Americas.
Moreover, the MOVEit file transfer application flaw has proven to be a gateway for hackers, enabling them to pilfer personal information from over 15.5 million individuals. The number of affected companies continues to rise steadily.
This vulnerability has been the focal point of Cl0p ransomware attacks, with more than 140 victims falling prey to this cyber assault.
While only a couple of victims have currently disclosed the extent of the impact, the estimated number of infected individuals exceeds 15.5 million, according to security analyst Brett Callow.
The list of MOVEit vulnerability victims rises
The Radisson Hotels Americas cyber attack is just one of the organizations affected by the active exploitation of MOVEit vulnerability.
Among the victims are approximately six million residents of Louisiana and around 770,000 members of the California Public Employees’ Retirement System, America’s largest pension system.
Between 2.5 and 2.7 million clients of Genworth Finance, about 1.5 million clients of Wilton Reassurance, over 170,000 beneficiaries of the Tennessee Consolidated Retirement System, and more than half a million clients of Talcott Resolution are also under risk.
As the number of victims affected by the MOVEit vulnerability continues to climb, businesses and individuals will likely suffer more.
The Cyber Express is following the MOVEit cyber attacks, and we’ll update this post once we have more information on the Radisson Hotels Americas cyber attack and other affected companies.
MOVEit vulnerability: The bugs continue to fly
Progress Software, makers of MOVEit Transfer, last week found and resolved another critical MOVEit vulnerability.
The vulnerability identified as CVE-2023-36934 is classified as a SQL injection vulnerability, which poses a significant risk to the security of the software.
If exploited, unauthenticated attackers could gain unauthorized access to the MOVEit Transfer database.
SQL injection vulnerabilities are well-known and highly dangerous security flaws that enable attackers to manipulate databases and execute arbitrary code.
By sending specially crafted payloads to specific endpoints within the affected application, attackers can modify or expose sensitive data stored in the database.
The severity of CVE-2023-36934 lies in the fact that it can be exploited without requiring authentication. This means that even attackers without valid credentials can potentially take advantage of this vulnerability.
However, no reports have been received thus far regarding active exploitation of this specific vulnerability by attackers.
This discovery follows a series of recent cyberattacks that utilized a different SQL injection vulnerability (CVE-2023-34362) to target MOVEit Transfer, resulting in the deployment of Clop ransomware, data breaches, and extortion of money from affected organizations.
CVE-2023-36932 is another SQL injection flaw that can be exploited by attackers who are already logged in to gain unauthorized access to the MOVEit Transfer database. On the other hand, CVE-2023-36933 is a vulnerability that enables attackers to unexpectedly terminate the MOVEit Transfer program.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.