Gen Digital, the parent company of renowned cybersecurity firms like Avast and Norton, has acknowledged that its employees' personal data has been compromised in another attack by the Cl0p ransomware group.
The company confirmed the cyberattack on June 20 after being prompted for information, disclosing that sensitive details such as employee names, addresses, IDs, and email addresses had been exposed.
Gen Digital's public notice, which also confirmed that the company had informed all parties that may have been affected, as well as data protection regulators, stated: "We use MOVEit for file transfers and have remediated all of the known vulnerabilities in the system. When we learned of this matter, we acted immediately to protect our environment and investigate the potential impact. We have confirmed that there was no impact to our core IT systems and our services and that no customer or partner data has been exposed."
The security breach stemmed from a critical SQL injection flaw, identified as CVE-2023-34362, which was initially an undisclosed vulnerability. The Cl0p ransomware gang exploited this zero-day vulnerability as part of an ongoing campaign.
Despite the release of a patch, the attacks continue unabated, with over 100 companies and organizations falling victim to this targeted assault.
"As a general best practice, we advise never to directly allow for apps like MOVEit Transfer to be directly exposed to the Internet in cloud environments," stated Amitai Cohen, attack vector intel lead at Wiz, in an emailed statement.
Cohen further added, "Instead, place the app behind a VPN, a reverse proxy or a single sign-on (SSO) landing page. This strategy will help to mitigate the effect of potential attacks exploiting vulnerable or misconfigured application endpoints and other attacks that are similar in nature."