At a glance.
- Victims sue US healthcare network for breach of patient data.
- Multiple banks impacted in MOVEit data breaches.
- A closer look at Cl0p.
A closer look at Cl0p.
The Cl0p ransomware group has been making recent headlines for its role in the mass exploitation of a recently discovered vulnerability in the widely used MOVEit file transfer application. As victims continue to disclose data breaches tied to the bug and Cl0p adds names to its hack list, ZeroFox offers a detailed analysis of the threat group’s activities. Analysts found that Cl0p typically engages in very low levels of activity for a period of several months, then carries out a series of high-tempo attacks for several weeks.
As with the MOVEit hacks, Cl0p’s attacks often coincide with the discovery of critical vulnerabilities, allowing the cybercriminals to target multiple high-profile victims simultaneously. Rather than encrypting the infiltrated software, the group’s typical modus operandi is to exfiltrate data and then issue ransom demands. The researchers could find no pattern in the timing of Cl0p’s attacks, likely because they correlate with the unpredictable detection of zero-day vulnerabilities. That said, in the case of the MOVEit attacks, reports suggest group members identified the bug as early as March 2023 and delayed exploitation until the US’s celebration of Memorial Day, when security teams would likely be less vigilant.
Multiple banks impacted in MOVEit data breaches.
Speaking of the MOVEit attacks, several additional victims have surfaced in recent days. CPO Magazine reports that German multinational investment bank Deutsche Bank shared customer data with a third-party vendor impacted in the MOVEit hacks. A Deutsche Bank spokesperson stated, “We have been notified of a security incident at one of our external service providers, which operates our account switching service in Germany.” Although the bank has chosen not to disclose the identity of the vendor, sources say it’s Majorel Germany, which provides account switching services for several German banks and has confirmed it suffered a MOVEit attack. A Majorel spokesperson explained, “The attack took place before the software’s vulnerability became public and only affected a single system running MOVEit software in Germany.” The compromised Deutsche Bank data include customer names and International Bank Account Numbers for individual German customers, and although the stolen info could not give the attackers access to the customers’ accounts, it could be used to carry out unauthorized direct debits. German banks ING Bank, Postbank, and Comdirect have also disclosed they experienced customer data leaks linked to the MOVEit hack.
Stateside, JDSupra reports that PlainsCapital Bank has also confirmed that one of its vendors was impacted by the MOVEit vulnerability. The Texas-based financial services institution posted a notice on its website explaining that an unauthorized party gained access to sensitive customer data including Social Security numbers and bank account numbers. The unidentified third-party vendor, which uses MOVEit for file transfer activities, disclosed the breach to PlainsCapital on June 27th, and the bank began notifying all compromised individuals on July 14.
Victims sue US healthcare network for breach of patient data.
HCA Healthcare, a medical facilities operator based in the US state of Tennessee, has been hit with at least five lawsuits connected to a massive data breach disclosed earlier this month. HCA explained that the attacker exfiltrated data from an external storage location, and then posted the stolen info online. Becker’s Hospital Review reports that the incident impacted up to 11 million patients across nineteen states, and complaints have been filed by victims in Tennessee, California, Florida and Texas. Attorney Tricia Herzfeld, who is representing a patient from Nashville, Tennessee, says the purpose of her complaint is to "be able to take on a big corporation like HCA and say, 'No, we're not going to take this, and you do have obligations to safeguard our information, and we're going to band together, all 11 million of us in this class, to make sure you know that.'" After learning of the lawsuits, HCA stated, "Our commitment to our patients is unwavering and is not affected by any class-action lawsuits or other legal proceedings. We will respond to any lawsuits or proceedings, in the appropriate forums and ordinary course."