At a glance.
- MOVEit breach impacts Michigan State University.
- Law firm discloses possible compromise of client data.
- Cl0p's posting stolen data to the clear web.
MOVEit breach impacts Michigan State University.
The Lansing State Journal reports that American college Michigan State University (MSU) was affected by two third-party vendor breaches that might have exposed the personal data of MSU community members. MSU says the National Student Clearinghouse (NSC) and Teachers Insurance and Annuity Association of America (TIAA) were impacted in the breach of MOVEit, a cloud-based software platform used by countless organizations for data file transfer services. It’s unclear how many members of the MSU community have been impacted, but both vendors have promised to supply the school with a list of compromised individuals. Melissa Woo, an MSU vice president and chief information officer, states, "While we know there was no breach to Michigan State University's networks or systems, this compromise of a third-party organization is concerning and compels us to notify our community and provide ways in which they can protect their information." As WLNS 6 News notes, MSU has advised community members to be on the lookout for phishing emails, strengthen their passwords, and use multifactor authentication whenever possible.
Law firm discloses possible compromise of client data.
American law firm Quinn Emanuel Urquhart & Sullivan has disclosed that client information might have been compromised in the breach of an electronic discovery vendor the firm uses for document management. Quinn Emanuel has not disclosed the name of the vendor, but says the incident occurred in May of last year and was "limited to a small portion of our clients and matters." The firm, which specializes in business litigation and is based in the state of California, has notified those impacted by the breach, and a source says this includes fewer than two thousand individuals. Reuters notes that the breach is the latest in a series of third-party attacks impacting law firms, as several firms including Jones Day and Goodwin Procter were impacted in the 2021 breach of file transfer vendor Accellion. Providers of legal services, which by nature must collect sensitive and confidential data about their clients, are attractive targets for threat actors.
Cl0p's posting stolen data to the clear web.
Cl0p has begun to eschew the dark web in favor of posting stolen data on the clear web, HackRead reports. The method is quicker and more accessible than the more familiar gangland tactic of publishing on Tor sites; it also exposes the gang to more immediate disruption.
Chris Morgan, Senior Cyber Threat Intelligence Analyst at ReliaQuest, sees the gambit as not only ratcheting up the pressure on the victims, but also, paradoxically, increasing Cl0p's own exposure to takedowns and other legal action. "In a recent development, the Clop ransomware group have begun posting impacted companies' stolen data on the clear web to increase the exposure and ratchet up pressure on the named companies. While this will undoubtedly result in additional eyes on the stolen data—and thus, increase the risk—it will also be easier for named companies to submit takedown requests to get the sites removed. It will however also be easier for Clop to post the data in a quicker fashion, avoiding the significant delays in posting on the dark web due to the restrictions posed on upload speeds." ALPHV used this tactic, Morgan said. "This was a tactic that was originally conducted by the Alphv ransomware group in June 2022, however it is unclear whether this resulted in additional ransom payments for the group." And Cl0p's data release also figures in an unusual mode of communicating with victims. "Following the exploitation of the MOVEit zero-day vulnerability, Clop have taken an out-of-the-box approach to communicating with impacted companies. Clop have requested that victims reach out to them if they have been breached. This tactic has put the burden on the victims to figure out whether they have been breached. This latest move to post victims' data onto the clear web may be a further development of this tactic, to pressure victims that have so far refrained from paying a ransom to come to Clop's negotiating table."