Reinsurance News

MOVEit attacks provide key lessons for cyber re/insurance industry: CyberCube

31st July 2023 - Author: Kassandra Jimenez-Sanchez

Cl0p’s MOVEit attacks have shone a light on the cyber re/insurance industry’s blind spots, a recent report by cyber analytics firm CyberCube revealed.

The global MOVEit MFT (Managed File Transfer) attack is an ongoing cybersecurity incident, led by the Cl0p ransomware and extortion gang, that has affected companies and government agencies on both sides of the Atlantic.

The impact has been substantial – with hundreds of companies already hit by data theft and extortion, and the private information of over 20 million individuals exposed to date.

CyberCube’s Single Point of Failure (SPoF) Intelligence tool identified 2,890 vulnerable MOVEit MFT deployments mapped to companies in 75 different countries at the time of the attacks in June.

SPoF technology refers to a critical system, product, or service that is relied upon by many companies. The failure of such technology can cause a domino effect, affecting many organisations in tandem and creating a ripple effect of adverse outcomes.

The “CyberCube SPoF Intelligence: Lessons Learned from the MOVEit Attack” report examined the incident and highlighted three key lessons from the MOVEit attacks that can help the re/insurance industry better understand how widespread data breach and extortion events can unfold.

These are: Cyber re/insurers have a blind spot when it comes to managing third-party risk arising from insureds’ service providers and their partners using vulnerable SPoFs.

Also, companies that are dependent on Data Aggregator SPoFs, including MFT applications, could be targeted in future attacks. This points to the need for the re/insurance industry and the broader security community to be vigilant about the threat to MFTs, even if it is not MOVEit.

Analysts warned that the MOVEit attack will not be the last widespread data breach and extortion event, and emphasised that re/insurers should focus on identifying insureds that are using risky MFT SPoFs.

William Altman, Cyber Threat Intelligence Services Lead, said: “The cyber re/insurance industry is currently looking into the concept of systemic cyber events and specifically questioning whether Cl0p’s MOVEit attacks can be classified as one.

“As the industry strives to establish a unified definition for systemic cyber disasters, examining events such as Cl0p’s MOVEit attacks closely is crucial, as they provide invaluable real-world evidence that can help shape more informed perspectives.”
