Search This Blog

Powered by Blogger.

Blog Archive

Labels

Oil Industry Giant Shell Under Siege: Clop Group's Ransomware Attack Exposes Vulnerabilities

Shell, a leading oil and gas corporation, confirmed a breach involving the Clop ransomware gang. MOVEit, a file transfer application, was the target.

 


A zero-day vulnerability in MOVEit software has been exploited by the Clop ransomware attack that targets Oil and Gas giant Shell and has been used to mount the attack. Threat actors have been actively exploiting the vulnerability, identified as CVE-2023-34362, to steal data from organizations throughout the world. This is to gain access to sensitive information. Shell is investigating this security breach to determine whether it affected the company's core information technology systems or not. 

The Clop gang has targeted Shell's file transfer service for the second time since being infiltrated by the Clop gang in 2013. They broke into the company's global network of more than 80,000 employees and reported revenues of $381 billion.

It has been reported that Shell US spokesperson Anna Arata has been informed that a cyber security incident has affected a third-party software program from Progress called MOVEit Transfer, which is used by some Shell employees and customers. Arata stated that "so far, there has been no evidence that damage has occurred to Shell's core information systems." In addition, she mentioned that Shell's IT teams are trying to identify any risks and take the appropriate action to manage them.

In Rapid7's investigation undertaken on May 31, the experts discovered that approximately 2,500 instances of MOVEit Transfer were publicly accessible online. A large number of them were located in the United States. Currently, there are 127 installations in the UK, and the number is rising. 

Hundreds of people in the United Kingdom have been affected by Clop's MOVEit hack. There are many victims in this attack, including the international broadcaster BBC, the airlines British Airways and Aer Lingus, the retail pharmacy Boots, and even the agency that regulates the country's communication system, Ofcom. 

Even though Shell and Ofcom appear to use limited settings of the MOVEit tool, they do seem to be significantly less affected by the breach. 

As a result of the attack, Ofcom has announced that a certain amount of confidential information about companies whose activities it regulates has been downloaded, but some of it is confidential. The Ofcom also performed a data download on 412 Ofcom employees who had been affected by the breach. 

In another episode of Clop's ongoing ransomware campaign, the UK's regulator for communication, Ofcom, has been targeted by the attack. The hack of payroll services provider Zellis is known to have caused yet another data breach to make the headlines in recent months. 

As part of its payroll processing services provided by Zellis, the company used a personalized MOVEit Transfer instance to exchange files with tens of different companies via the payroll processor. Accordingly, a lot of companies would likely be affected by this change.

The Daily Telegraph reported that Transport for London had warned up to 13,000 drivers that their data had been stolen in the incident. It said that up to half of the drivers' data may have been breached. Several contractors in the city operated the city's congestion charges and parking charges schemes as a consequence of the incident. 

A BBC report stated that professional services firm EY was also impacted by the crisis. The exact nature of the Zellis account can not be ascertained, or if EY used MOVEit Transfer directly instead of Zellis. Two Zellis users - the BBC and British Airways - have confirmed to me that their whole payroll systems may have been compromised as their data may have been hacked. 

A gang of hackers called Clop targeted Shell for the first time in 2021 when they hacked Accellion's file transfer appliance. This was part of a scheme to extort companies using the appliance. Threatening the leak of sensitive information that had been stolen was the method used to achieve this. 

There was a widespread impact on more than 100 organizations worldwide as a result of the attack on Accellion, including numerous American universities and Bombardier, a Canadian aerospace company. 

In April of this year, Clop exploited a vulnerability in the Fortra product GoAnywhere file transfer product, which could be exploited by third parties. According to the group, the system enabled them to steal data from more than 130 companies, governments, and organizations for extortion. They used the stolen data to extort money.

There has been a second vulnerability in Progress' operating system affecting the popular MOVEit tool. This vulnerability was announced last week by the company that develops the software. There have been several announcements recently about breaches caused by program problems.

In an attempt to extort ransom money from Shell, a prominent name in the oil industry, a ransomware attack was recently launched by Clop, a group that is associated with the NSA. The incident has brought to light the vulnerability that exists within the company's information security infrastructure and has exposed several vulnerabilities.

Regardless of how big or how well-known an organization is, cyber threats can pose an existential threat to any organization regardless of size or reputation. As a result of the attack, the oil industry needs to strengthen its cybersecurity procedures and develop proactive risk management strategies that will protect them from potential threats. This incident can be seen as a lesson for Shell and the rest of the industry to strengthen their digital defenses. This will prevent future cyberattacks from affecting critical operations.
Share it:

Clop Ransomware

Cyberattacks

CyberCrime

Cybersecurity

Daily Telegraph

Shell

Vulnerabilities and Exploits

Zellis