Newsletter 07/12/2023 Updated 07/29/2023

 
Versus     

UPDATED 7/29/2023

Valiantly Trying to Save Western Civilization,
One Attack At a Time, Part 2.  

On July 7, 2023, CISA released yet another advisory about the CLOP MOVEit vulnerability.  Progress Software, the company behind the MOVEit File Transfer application, had again patched their product.  This time Progress said it released a service pack for the application.  This advisory came exactly one month after CISA launched its first advisory about the CLOP MOVEit vulnerability.  It also came one month and a few days after CISA ordered all federal agencies to apply the Progress Software patches.  Despite what seemed like a massive media push to get the information on MOVEit out and into the public throughout the month of June 2023, the attack continued unabated.

A German security researcher for KonBriefing has assembled the most complete list of victims of the attack.  By far, the USA, both inside the federal government and in the business community, has seen the lion's share of these attacks.  Additional victimized entities continue to be added daily.  The Victim Count for the US is now 380.

Even more unsettling is the vast number of large-scale business enterprises that have suffered data breaches as the result of the cyberattacks.  The attack has been especially successful because, as has been widely reported, rather than directly attacking their victims and targets, "organizations have been impacted due to their direct use of MOVEit while others have been exposed as a result of third-party vendors’ use of the file transfer service, including PBI Research Services and Zellis."  Cybersecuritydive.com also reported on June 27, 2023, that Michela Menting, senior research director at ABI Research, said:

This attack points to the continued success of supply-chain attacks — it’s much easier to target an upstream platform that delivers to many, than targeting each individual downstream target... The biggest worry is that many companies are simply unaware of the potential risk and resulting damage of supply chain attacks such as this one.

This has resulted in many institutions suffering multiple attacks.  Therefore, it is not just the fiends in Russia behind these attacks; the immediate threat may come from the entities' own vendors who are already part of the attack chain.  KonBriefing offers several slides that detail how the third-party service providers were the source of individual attacks.  One example of this is how PBI Research infected their bank customers.  ISCorp (cloud provider, USA) → Envision (software) → Pear Tree Advisors (software user).  Those are three chains that became victims in one attack.

[UPDATE July 24, 2023]  The list of American-based firms attacked is both staggering and shocking.  I have removed the complete list from this page.  It's become too long to reformat for our purpose here.  The complete list from KonBriefing is updated daily.  There is an applet on their webpage that allows visitors to scroll through the list.  It is arranged alphabetically, so USA is far down the list.  And by far the USA has the greatest number of entries.


 

What is clear from this chart of victims of MOVEit is that, at least to me, there is a great probability that each and every American citizen that has some kind of electronic footprint has most likely had their personal information pilfered from one, if not more, of these entities listed.  Data sets are all integrated with one another across platforms and systems.  Even if you have no transactions with any of the firms listed above, some other entity you do transact with has probably been breached.

Maybe you have never heard of Choice Hotels International.  Have you stayed at one of the hotel chains on the right, though?  Data from each of those individual hotel chains has been pilfered.  And now, most likely, it is one more item in some crook's inventory.

The pilfered info has been for sale on the Dark Web for a month now.  The gang behind the attacks could well be holding your data for ransom, or extortion — data that was once in the hands of one or more of the attacked entities,  as reported by BleepingComputer, June 15, 2023.  So none of this is theoretical or hyperbolic speculation.  It is real.  It is here. And it is now.

My recommendation is to never rely on so-called "personal security" vendors.  You might notice that LifeLock is on the list.  My recommendation is to always take your security into your own hands whenever possible.  The best practical defense any individual has to prevent some petty crook who bought your info off the dark web and wants to use that data to get a credit card with the crook as an authorized user on your card, for instance, is to place a freeze on your file at the three Credit Bureaus.  I am not an expert in this process, but Uncle Sam is.  And good ol' Sam tells you how to place a freeze at this article here.  There is a detailed article on freezing your credit file from NerdWallet.  The NerdWallet piece is dated March 2023, so it is very current.

Here are Equifax Instructions.    Here are Transunion Instructions.    And here are Experian Instructions.

As consumers and as computer users, we have very little control over who gets to steal our data.  As consumers, we do have a great deal to say about who gets to use that data.  And right now, if you have good credit, and you are not considering any major purchase that would involve credit, then by all means take the time and effort, and I think about 10 to 15 bucks per reporting agency, to put a temporary freeze on your credit file.  You can thank me later.

Trouble in transit, got through the roadblock
We blended in with the crowd
We got computers, we're tapping phone lines
I know that that ain't allowed
— Life During Wartime, Talking Heads 

¯¯\_(ツ)_/¯
Gerald Reiff
