Learning lessons from the recent MOVEit hack

5 September 2023
Jack Viljoen, Head of Prodinity Cyber Solutions, provides a cyber safety 101 to avoid vendor-related cyber attacks

The recent surge in large-scale vendor-related cyber-attacks has exposed critical vulnerabilities in organisations’ cyber security practices. Several prominent companies, including the BBC, British Airways, and Boots, fell victim to the breach of their MOVEit file transfer systems, highlighting the pervasive threats faced by businesses, irrespective of their size.

Such attacks can be extremely damaging in a number of ways, including reputational harm, business interruption, and the knock-on financial implications – but they do provide valuable lessons for the industry. Lessons we must learn.

The MOVEit hack serves as a stark reminder of the persistent threats faced by both large corporations and small to medium-sized enterprises (SMEs) in the realm of cyber security. The attack, driven by poor cyber security practices around the vetting and monitoring of vendor access to company systems, has highlighted the critical need for heightened security measures across organisations to safeguard sensitive data.

Hackers took advantage of a vulnerability in MOVEit Transfer, a commonly used software tool for secure data transfers. This put valuable employee information at risk of theft, including sensitive data such as national insurance numbers and bank details. The widespread nature of the hack, affecting multiple organisations simultaneously, is causing concern among payroll providers globally.

Preventative action

The important thing to note here is that this hack could have been avoided. The MOVEit attack exploited vulnerabilities that should have been addressed through robust cyber security protocols. It is imperative to highlight the weaknesses that allowed such an attack to occur, emphasising the importance of proactively fortifying systems against cyber threats.

First and foremost, insufficient employee awareness and training played a significant role in this breach. Cyber criminals often exploit human error and lack of knowledge to gain unauthorised access. Comprehensive training programmes are essential to educate employees about phishing attempts, malware risks, and the significance of safeguarding sensitive information. Simulated phishing exercises can help employees recognise and avoid phishing attempts, reducing the risk of successful attacks. Furthermore, fostering a culture of cyber security awareness within the organisation encourages employees to report suspicious activities promptly, enabling faster incident response.

A lack of regular security assessments and updates also contributed to the vulnerability. Neglecting them leaves organisations exposed to known exploits, so frequent vulnerability assessments are key to identifying the weaknesses in systems that hackers can target. Penetration testing and vulnerability scanning should be conducted regularly to assess the organisation’s security posture comprehensively.

Patch management, too, is a critical aspect of cyber security. Organisations must prioritise timely application of security patches to address known vulnerabilities in their systems. Automated patch management tools can streamline the process and ensure all systems are up-to-date. Additionally, companies should establish a clear process for handling urgent patches to minimise exposure to potential threats.

How strong is your password?

In addition, weak password practices served as another entry point for attackers. Reusing passwords, employing weak or easily guessable passwords, or failing to enforce multi-factor authentication significantly increase the risk of unauthorised access. Organisations must emphasise the importance of strong password policies, encourage the use of password managers, and implement multi-factor authentication across their systems.

Password management tools can help employees generate and store complex passwords securely. Implementing single sign-on (SSO) solutions can also reduce the burden of managing multiple passwords while enhancing security. Regular password change policies, combined with educating employees on the importance of password hygiene, can further strengthen the organisation’s defence against password-related attacks.

Insufficient network segmentation and access controls also contributed to the successful attack on these organisations through the vendor route. By failing to separate critical systems and limit access privileges based on the principle of least privilege, companies inadvertently create avenues for lateral movement within their networks. A compromised account in one department can easily result in widespread access across the entire network, making it easier for cybercriminals to exfiltrate sensitive data.

Vendor-related cyber attacks can be particularly dangerous because they bring the challenge of supply chain vulnerability into sharp focus. Vendors often have privileged access to critical systems or sensitive data of the companies they work with. If a vendor is compromised, attackers can exploit this access to infiltrate the target organisation’s network, bypassing traditional security controls.

Cascading attacks

Because many organisations rely on multiple vendors for services, products, or software components, the impact of a successful attack can span multiple countries and territories. A successful attack on a vendor can have a cascading effect, leading to widespread damage and disruption.

Companies often have limited control over their vendors’ security practices and infrastructure. Even if an organisation has robust security measures in place, a vendor’s weak security posture can undermine the overall defence and become a point of entry for attackers.

Additional risk assessments should also be considered when dealing with vendors, particularly when it comes to the exchange of sensitive information.

At the very least, companies should perform thorough risk assessments to evaluate the security practices of potential vendors before entering into business relationships. This assessment should include evaluating their security controls, incident response plans, and overall security maturity.

This incident does present an opportunity for knowledge sharing and collaboration. By working together, the companies affected by the MOVEit attack can help to establish channels for sharing threat intelligence and security information with vendors. Together, we can collaborate on proactive measures to identify and mitigate emerging threats.

Can we trust our software?

The reliance of companies on the MOVEit file transfer system to exchange highly sensitive information amplifies the significance of the recent hack and the security patch issue. Organisations placed their trust in MOVEit as a secure solution for their data transfers, making the breach in its security infrastructure particularly alarming. The fact that the loophole went unnoticed due to a security patch issue raises concerns about the effectiveness of their security practices and the thoroughness of their assessments.

When companies entrust a third-party vendor with their sensitive data, they are entitled to expect a higher level of security and protection. The occurrence of a hack within a trusted system like MOVEit raises questions about the reliability of vendor systems and their diligence in detecting vulnerabilities.

Organisations should engage in rigorous vendor assessments before implementing third-party software solutions. Evaluating the vendor’s security history, conducting penetration testing of the software, and reviewing third-party security certifications can provide insights into the vendor’s commitment to cyber security. Establishing clear security requirements in vendor contracts and conducting regular security reviews can help maintain a high standard of cyber security across all vendor relationships.

The time to act is now

This unfortunate incident also underscores the need for organisations, regardless of their size, to prioritise cyber security. Investing in advanced threat detection and prevention technologies, employing regular employee training programmes, implementing robust access controls, and conducting regular security audits are vital steps to defend against evolving cyber threats.

The recent wave of vendor-related cyber-attacks serves as a wake-up call for organisations to fortify their cyber security measures. Through comprehensive and frequent security assessments, and stronger access controls, businesses can bolster their resilience against cyber threats. Collaborating with vendors and actively engaging in risk assessments can enhance the overall security posture. By assuming greater ownership of their cyber security, organisations can protect sensitive data, preserve customer trust, and ensure a safer digital future. The collaboration between businesses and cyber security experts is crucial in combating the growing menace of cyber-attacks and securing the digital landscape for all.