Attack targets government agencies and private organizations

Last week, the Cybersecurity and Infrastructure Security Agency (CISA) announced that a Russian ransomware group had breached the systems of several federal agencies and an unknown number of private organizations.

The attack took advantage of a known vulnerability in MOVEit, a popular file transfer software. The U.S. Energy Department revealed that data from two of its sections was stolen, while the State Department and the FBI declined to comment when asked whether their information was affected.

A senior CISA official did admit that the number of federal agencies affected may increase since other agencies like NASA, the Treasury Department, and the Defense Department had purchased the MOVEit software in the recent past. Several hundred other companies and organizations have said they were also impacted.

That includes local governments in Illinois, Canada, and the United Kingdom; international corporations like British Airways and Shell; prominent academic institutions like Johns Hopkins and the University of Georgia; and even England’s esteemed broadcasting conglomerate, the BBC.

So far, the Russian ransomware group responsible for the attack has insisted that they have no interest in exploiting stolen information for political or military gain. But these types of attacks have escalated in the year and a half since Russia invaded Ukraine. Cybersecurity experts believe many of them have been coordinated with the Russian government—and point out that compromised data can be sold to the highest bidder on the dark web, often ending up in the hands of other bad actors.

How Can You Protect Your Information?

The good news is that CISA has described the breach as mostly “opportunistic,” with hackers testing out their ability to exploit the vulnerability that MOVEit publicly announced last month. No “specific high-valuable information” has turned up in digital black markets, and assessment reports so far claim that the attack has not been as damaging as previous cyber incidents.

If anything, the hack reinforces the fact that any company can be attacked—and that it’s critical to take a proactive approach to cybersecurity. Here are five recommendations from CMIT Solutions for beefing up protection for your business and your data:

• Make a plan for deploying security patches and software updates. MOVEit had released a patch to address the known vulnerability in its software, but it’s unclear yet whether government agencies and private organizations had actually implemented it. A reliable IT provider can help your company roll out automated patches and update installations during off hours to keep your business safe and eliminate disruptions for your employees.
• Turn on multi-factor authentication (MFA) for all accounts and all users. MFA involves entering at least two credentials for every login: something you know (a password) and something you have (a unique code delivered via text or email, or a push notification from a single sign-on app). This extra layer of protection is a must for any account, minimizing the threat of compromised passwords and providing day-to-day security for every user.
• Deploy multi-layered network security tools throughout your systems. This includes basic layers like antivirus, anti-spam, and anti-malware protection, along with more advanced tools like network analysis, end-to-end encryption, and proactive monitoring. Every business operating in every industry requires a different mix of cybersecurity layers, and a knowledgeable partner like CMIT Solutions can customize a plan that’s perfect for you.
• Implement regular, remote, and redundant data backups that protect business information against the threat of ransomware. Data is the lifeblood of nearly every company—and it deserves to be backed up regularly, remotely, and redundantly to mitigate the impact of cyberattacks. If ransomware does infect your system and encrypt your data, you can respond quickly by resetting affected devices and recovering the most recent backup. That’s a far better alternative to paying a shady international criminal gang a ransom in unregulated digital currency and then hoping they give you your stolen data back.
• Provide employees with education and training to prevent common phishing and password hacks.Although the MOVEit hack didn’t target specific users with social engineering scams, cybersecurity training can still help your staff prepare for such an attack in the future. These sessions can be conducted in-person or virtually, presenting your employees with common scenarios like simulated phishing attempts or business email compromise scams. When your employees see these methods in a controlled environment, it helps them learn how to properly respond and reinforces good behaviors.

The impact of this recent ransomware attack is still unfolding—but small and medium-sized businesses across North America can use it as an opportunity to shore up cybersecurity protections and enhance network defenses.

At CMIT Solutions, we believe it’s not so much a matter of if you’ll get hacked but when—and not whether it could happen but how severe the consequences will be when it does. That’s why we deploy practical, affordable cybersecurity tools that anticipate and reduce risk.

If you’re looking for a business partner who specializes in detecting and preventing cyberattacks while developing rapid response strategies to common problems, CMIT Solutions is here to help. We go the extra mile to protect the data, devices, and digital identities of our clients, with more than 900 staff members at 250 offices across North America working day and night to deploy enhanced protections and develop new strategies for business success.

Contact CMIT Solutions today to find out more.