MOVEit cyber extortion attack underlines resurgence in Russian cybercrime activity, says Databarracks
June 2023 by Databarracks
The recent MOVEit cyber extortion attack – reported to be perpetrated by the Russian Clop cybercrime gang – highlights that groups in Russia are ramping up their campaigns against global organisations once again, following a decline after the breakup of REvil last year. According to Databarracks, businesses should be prepared for similar attacks.
Clop claims it has stolen payroll data from organisations including the BBC, British Airways and Boots and is demanding the affected companies open ransom negotiations.
James Watts, Managing Director at Databarracks, said, “Supply chain attacks like this are becoming increasingly common.
“These are attractive targets for attackers because they are a multiplier for their efforts. A single breach gets into numerous organisations and provides multiple avenues for ransom.
“One of the fundamental drivers for the rise in ransomware and cyber extortion, and the reason it is so hard to solve, is that attackers and their victims are rarely in the same country. The only way to tackle the issue is with cross-border cooperation from law enforcement.
“Before the Russia-Ukraine conflict, a joint US and Russia campaign led to the dissolution of the REvil ransomware group, along with an overall decrease in global ransomware attacks.
“The MOVEit attack is yet another example of what happens now this period of relative détente is over. Relations between Russia and the West are at rock bottom, so we’re much less likely to see international collaboration to take down Russian cybercrime groups than we were in early 2022.”
Watts urges businesses to take steps to audit and secure their supply chains.
“Supply chain security has not yet received the same level of attention as internal cyber security. A UK government policy paper identified low recognition of supplier cyber security risk and limited visibility into supply chains as major challenges.”
The first place to start is to understand your risks. That means identifying the sensitivity of the data your suppliers hold, and knowing who your suppliers are and what risks they pose. Go beyond your direct contracts to find out the suppliers of your suppliers.
Conduct regular audits of your critical supply chain. The data you extract from the audits will tell you what and where you should focus your efforts. Your audit might reveal a vulnerability with a supplier, and by changing suppliers you could help minimise the risk. Or, if you continue to use a supplier, you are at least prepared in the event of a breach as you know the extent of your exposure and can accelerate your response.