Ken Dunham emphasized the severity of the situation: "The MOVEit managed file transfer (MFT) software vulnerability (CVE-2023-34362) continues to be discussed in the news due to widespread exploitation and the depth of exploitation. Groups including the infamous Cl0p ransomware group quickly took advantage of this zero-day opportunity to exploit targets of interest for high-payouts. In the case of ransomware, involving double-extortion tactics, techniques and procedures (TTPs), it is common for a wealth of data to be stolen to force payout."
He further elaborated on organizational preparedness: "While we may tire from hearing about MOVEit updates in the news, it is critical to apply lessons learned to each organization - what can an organization do to proactively move to the 'left of boom' to avoid exploitation, rapidly identify and remediate threats if an incident occurs, and best manage a disaster should one occur? Readiness is more than planning on paper, it requires regular testing, demonstrating TTPs and defensive measures."
Collection
[
|
...
]