How to Strengthen Your Organization’s Posture Against Data Exploitation and Third-Party Vulnerabilities
The Hack and Industry-Wide Consequences
This spring, Progress Software Corporation revealed a hack of their MOVEit file transfer software. Nearly two hundred financial services organizations were sent into crisis management after millions of their customers’ personally identifiable information (PII) and other data were hacked over the Memorial Day holiday weekend [1].
The hack caused and continues to cause enormous privacy, legal and financial complications. One company alone disclosed that the breach affected 1.5 million of its customers, revealing their social security numbers. Experts reportedly believe that 3,000 deployments of MOVEit software were active when the hack occurred. The hack demonstrates just how much the retirement, insurance, and banking industries need to re-evaluate how they approach data operations.
Behind the Hack
On May 31, 2023, Progress disclosed a critical zero-day (identified, but not patched) vulnerability in their MOVEit file transfer software. The attackers reportedly exploited a zero-day SQL injection vulnerability in MOVEit’s web application. Among its many uses, the breached software is the basis of the file-transfer capabilities of PBI Research Service’s data verification products.
Soon after the disclosure, affected organizations kicked off response measures. The attack has been attributed to the hacker group Lace Tempest and the Cl0p Ransomware Gang [2, 3], which continue to exploit the data for fraud and extortion purposes. Security experts speculate that the vulnerability may have been exploited even before the May 31, 2023 disclosure of its existence [4].
Wider Security Implications
Insurance and retirement professionals are anxious, frustrated, and skeptical about the ability of their third-party vendors to withstand relentless security attacks. The increasing number of successful attacks can and will result in potentially catastrophic losses for many of these companies’ customers, and for the companies themselves.
Bad actors are increasingly sophisticated. Industry professionals need to do more to continuously evaluate legacy vendors and processes to ensure that practices that may have been acceptable in the past are not ripe for exploitation today.
Securing the transfer and processing of sensitive data in a shifting environment of bad actors requires system architectures with the smallest possible threat surface, diligent patching, and near-constant monitoring.
The size of the MOVEit breach demonstrates that cybersecurity must be a critical priority in today’s business landscape. The MOVEit breach could be the push the industry needs to rethink security modernization. It is now time to finally abandon the antiquated legacy vendor approaches that have left customer data exposed and vulnerable.
3 Critical Steps for Every Corporation with Confidential Data
Here are 3 steps to becoming a cybersecurity champion within your data management and vendor selection processes.
- Engage cybersecurity professionals in your processes and initiatives by making them part of your third-party vendor search early on.
- Embrace and promote adoption of correct internal data practices such as strict and modern encryption.
- Know what to ask and demand from third-party data vendors.
How Evadata LENS Technology Minimizes Security Risks
No product is invulnerable, but Evadata LENS is an example of a cloud-native data product with security designed into the technology instead of added on as a separate component. Evadata security technology features the following components:
- Evadata sets up the LENS data flows to be elusive, meaning that the data flow is never “ON” for longer than small periods of time. The IP location changes constantly.
- LENS is cloud-native software that leverages the best available knowledge of cloud security vulnerabilities.
- All code is scanned for vulnerabilities before it is allowed to be used to service customers.
- Evadata automatically and continuously monitors for vulnerabilities and patches its systems.
- Finally, LENS’ serverless architecture allows complete dismantling of infrastructure immediately after use, leaving bad actors with fewer opportunities to target it.
All these characteristics make it extremely difficult to find, track, or attack the system. Furthermore, the system undergoes continuous penetration testing and uses strict encryption. Customers can review Evadata’s security status in real time at .
In other words, the root causes of the MOVEit breach do not exist within Evadata LENS security. More importantly, a renewed inspection of legacy vendors and processes by cybersecurity experts will identify threats and lead to changes that will lessen the chances of a significant data breach like that which occurred with MOVEit.
Sources:
1. Dark Reading. Cl0p’s MOVEit Campaign Represents a New Era in Cyberattacks. July 5, 2023.
2. Rapid7. Observed Exploitation of Critical MOVEit Transfer Vulnerability. June 1, 2023.
3. CISA Cybersecurity Advisory. June 7, 2023.
4. Steve King, CISM, CISSP, Canadian Cybersecurity Network.