In this episode of Storm Watch, the hosts discuss the recent MOVEit data breach and its impact on various organizations. They mention that around 550 organizations have been affected so far, but this number is likely to increase significantly. One of the victims, National Student Clearinghouse, partners with about 3,600 US post-secondary schools, and it is unclear how many of these institutions have been affected. The hosts also discuss the costs associated with incident response, with one company estimating its recovery and remediation costs at $15 million.
Brett Callow from Emsisoft joins the conversation to provide more insight into the MOVEit breach. He explains that his role as a threat analyst involves aggregating data from various sources to shed light on ransomware numbers and trends. The hosts discuss whether the MOVEit breach should be classified as ransomware or simply data theft and extortion. Brett mentions that the attackers have stolen data and are threatening to release it online unless the impacted organizations pay ransoms, which can run into millions of dollars.
The hosts also touch on recent vulnerabilities in MobileIron, ColdFusion, and Citrix ShareFile, noting that they have observed malicious activity targeting these vulnerabilities. They praise the efforts of their team in creating numerous tags for July, highlighting the importance of staying informed about potential threats.
Finally, the hosts briefly mention the threat hunting guides and encourage listeners to check them out for valuable information on identifying and mitigating potential threats.