CyberCube report: MOVEit attacks shine light on cyber (re)insurance industry’s blind spots

LONDON--(BUSINESS WIRE)--Key lessons can be learned from Cl0p’s MOVEit attacks, according to analysis by leading cyber analytics firm CyberCube.

The ongoing cybersecurity incident known as the global MOVEit MFT (Managed File Transfer) attack has affected companies and government agencies on both sides of the Atlantic. The impact has been substantial - with hundreds of companies already hit by data theft and extortion, and the private information of over 20 million individuals exposed to date. The Cl0p ransomware and extortion gang was behind the attacks.

A Single Point of Failure (SPoF) technology refers to a critical system, product, or service that is relied upon by many companies. The failure of such technology can cause a domino effect, affecting many organizations in tandem and creating a ripple effect of adverse outcomes. CyberCube’s SPoF Intelligence tool identified 2,890 vulnerable MOVEit MFT deployments mapped to companies in 75 different countries at the time of the attacks in June.

A new report “CyberCube SPoF Intelligence: Lessons Learned from the MOVEit Attack” highlights three key lessons that can be learned from the MOVEit attacks that can help the (re)insurance industry better understand how widespread data breach and extortion events can unfold. These are:

1. Cyber (re)insurers have a blind spot when it comes to managing third-party risk arising from insureds’ service providers and their partners using vulnerable SPoFs.
2. Companies that are dependent on Data Aggregator SPoFs, including MFT applications, could be targeted in future attacks. This points to the need for the (re)insurance industry and the broader security community to be vigilant about the threat to MFTs, even if it is not MOVEit.
3. The MOVEit attack will not be the last widespread data breach and extortion event. (Re)insurers should focus on identifying insureds that are using risky MFT SPoFs.

William Altman, Cyber Threat Intelligence Services Lead, said: “The cyber (re)insurance industry is currently looking into the concept of systemic cyber events and specifically questioning whether Cl0p's MOVEit attacks can be classified as one. As the industry strives to establish a unified definition for systemic cyber disasters, examining events such as Cl0p's MOVEit attacks closely is crucial, as they provide invaluable real-world evidence that can help shape more informed perspectives.”

Read the report here