Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Pensions. Show all posts

GoAnywhere Hack Targets UK Pension Protection Fund

 


Among the largest asset managers in the United Kingdom, the U.K. Pension Protection Fund, which manages £39 billion in assets, confirmed that the hack against GoAnywhere, the popular file-transferring service, had impacted it. 

There have been many reports in recent days that many different organizations have confirmed their data has been accessed by hackers as a result of this incident. One of these organizations is the City of Toronto, a British multinational company, as well as the University of Toronto. 

The fund, which manages pension assets for nearly 300,000 clients, announced its decision to inform employees affected by the change. To help those impacted by the breach, it offers support, monitoring, and emergency services.   

PPF said that although Fortra, the company behind GoAnywhere, initially assured them that there had not been any impact on data as a result of the February breach, this was not the case. It was also revealed that some data was potentially compromised during a subsequent investigation.   

In response to this, the pension fund stopped using the firm's services immediately, due to this incident. 

Fortran's Managed File Transfer platform is used by many companies around the world. Fortra is a software solutions provider that automates the process of sending valuable data over the Internet through automated software solutions.  

The Clop ransomware group leak site added more than three dozen victims on Thursday. In light of the GoAnywhere hack, it appears that all of them have been impacted. 

Originally, Clop was reported to have hacked into over 130 organizations using a GoAnywhere vulnerability, which is tracked under the CVE-2023-0669 designation. This has occurred in more than 130 organizations. 

At the time the incident was reported to the PPF, GoAnywhere's parent company Fortra had assured them that any impact on their data would be minimal at the time the incident was reported. 

Although, the PPF is now listed separately on the Clop site from the other victims affected by the incident. 

With the GoAnywhere breach continuing to wreak havoc across a growing number of organizations over the last few weeks, the number of organizations affected is increasing.   

More than 130 organizations across various sectors have been affected as of yet, including those in both the public and private sectors. There was a breach suffered by Rubrik earlier this month due to the incident, as revealed by the company's US-based cloud vendor.   

A mining company based in Australia, Rio Tinto, is among the companies that have been affected by the information leak discovered on Thursday. 

During the investigation, it was revealed that data related to existing and former employees was compromised, including payroll information.  

In the latest breach, the University of Melbourne seems to be the latest company to have its data compromised. An academic institution has been added to the Clop ransomware group's leak site overnight after the group claimed responsibility for the attack.   

A software vulnerability in Fortra's data transfer platform was exploited by threat actors to gain access to GoAnywhere's data. Fortra first disclosed details of the breach in early February.   

It has been revealed that over 100 organizations have been compromised as a result of the Clop ransomware attack. The number of companies that have fallen victim to this attack has steadily increased since it was first discovered in 2012.   

In recent years, Clop has gained a reputation as one of the most prolific ransomware groups, targeting dozens of organizations with its malicious software.   

Efforts to wage attacks by the Russian-linked gang are being carried out as part of ransomware as a service (RaaS) operation, which means it depends on several affiliates. 

The group has been associated with larger cyber-criminal gangs such as FIN11 and TA505, according to Louise Ferrett, threat intelligence analyst at Searchlight Cyber. This attack targets large, high-profile organizations in the public eye.   

This is not the first time Ferret said that his group has been involved in a massive hack, though he didn't deny that it has happened before.   

There are more than 100 companies that were compromised by a similar attack using Accellion's legacy File Transfer Appliance which was deployed in late 2020 and early 2021. The attack was designed to exploit a mix of zero-day vulnerabilities and a powerful web shell, she went on to explain.   

Fortra's GoAnywhere MFT secure file transfer tool was used in the operation this time to exploit CVE-2023-0669. Clop distinguishes itself from other ransomware operations because, in addition to attacking multiple organizations and announcing them publicly, it also takes a spear-phishing approach.

It has been established that Clop is an established cybercriminal group, specializing in ransomware. However, it does not appear to have been installed on any systems in any of the organizations impacted by the GoAnywhere breach.