Six months after the initial incident, the MOVEit data breach is still causing serious concern among IT leaders and has stirred them to take drastic steps to protect themselves against similar attacks.
Research from Censuswide has found the MOVEit incident is the cause of a spike in anxiety over the threat of ransomware, with many ramping up efforts to mitigate potential future risks.
In a survey with 100 directors of large enterprises in the UK, 90% of respondents reported they now have increased concerns about ransomware attacks as a result of the MOVEit breach.
Almost a quarter of leaders described a significant jump in anxiety in the wake of the breach, with two-thirds reporting they have become increasingly concerned about the prospect of potentially disastrous future attacks.
The report also shows this concern is being translated into action, with 42% of leaders stating their business has invested in backup and recovery. A further 41% of businesses increased their spending on cyber security while nearly one-third (31%) took out cyber insurance policies.
Business leaders now view ransomware attacks as an inevitability, according to the research, and 50% of respondents believe it is highly likely they will suffer more than one attack.
This lingering fear among senior IT professionals is also turning into a sense of fatalism, the survey found. Half of leaders polled said they believe it’s impossible to protect against ransomware due to the increased frequency and sophistication of attacks.
Why did the MOVEit breach have such a profound impact?
The MOVEit data breach was a series of cyber attacks and data breaches attributed to the Cl0p ransomware group that exploited a zero-day vulnerability in the managed file transfer software, MOVEit.
Used by thousands of organizations globally, the MOVEit breach impacted a number of large companies such as the BBC, British Airways, Aer Lingus, and Boots.
The attackers gained initial access to the MOVEit Transfer web application via an SQL injection.
To date, more than 2,600 organizations have been impacted by the breach, along with 77.2 million people, according to research from Emsisoft.
Chris Morgan, senior cyber threat intelligence analyst at ReliaQuest, told ITPro that the Censuswide research comes as no surprise given the severity and scale of the breach.
Learn how malicious actors target the attack surface
DOWNLOAD NOW
Morgan noted that Clop’s methods during the attack should be front of mind for IT and security practitioners moving forward.
“Cl0p’s shift to leaking data on the clear web and through torrents made it easier for anyone to access the data without special dark-web software, increasing the pressure on compromised entities,” he said.
“Data is also easier to host and faster to download on the clear web, making it more likely stolen data will be downloaded. Whilst some of these tactics aren’t novel, the combination of them and the scale of the breach was of particular concern for organizations globally.”
Phil Robinson, principal security consultant at Prism Infosec, echoed Morgan’s comments. In particular, Robinson said a key takeaway from the breach should be the sheer scale of carnage wrought on organizations throughout the supply chain.
“Clop deliberately timed this attack to fall after its attack on the GoAnywhere MFT in February and it’s clearly going after FTPs because these penetrate the supply chain, dramatically increasing the number of victims it can extort funds from (as not just the host but its customers and partners are compromised too).”
