Ciena Says ‘Limited’ Data Impacted In MOVEit Attack
The telecom networking equipment vendor confirmed that its MOVEit instance was affected after the company was claimed as a victim by the cybercriminal group Clop.
Ciena has determined that a “limited amount of data may have been impacted” in connection with a cyberattack that exploited the MOVEit file transfer tool, according to a statement provided to CRN Thursday.
The telecommunications networking equipment and software services specialist joins a large list of confirmed victims from the widespread MOVEit attacks.
“We verified through an independent security partner that our instance of the MOVEit Secure File Transfer application was exposed to the vulnerability and a limited amount of data may have been impacted,” Ciena said in the statement.
“We are actively investigating the scope of the impact, but at this time we believe that no other systems in our network environment were impacted,” the company said. “We take data privacy and security very seriously and upon learning of the incident, we have and continue to communicate to impacted parties.”
Ciena did not specify what type of data was likely impacted in the attacks.
The company provided the statement after its name appeared on the dark web site of the cybercriminal group Clop. The Russian-speaking gang has been demanding extortion payments from alleged breach victims in exchange for not posting stolen data on its site.
There are now more than 200 known victims of the MOVEit attacks, according to a tally by Emsisoft threat analyst Brett Callow.
Disputing Clop’s Claims
Not all companies that have appeared on Clop’s dark web site have confirmed that they were actually affected in the MOVEit cyberattack campaign, however.
Iron Bow Technologies, a major IT solution provider whose name was posted on Clop’s site last week, said in a statement provided to CRN that it “was not impacted.” The statement came from Brad Giese, CISO at Iron Bow, No. 44 on CRN’s Solution Provider 500 list for 2023.
“After a detailed forensic investigation, we can confirm that our endpoint detection mechanisms intercepted and halted an attempted exploit of the MOVEit application and no data was exfiltrated,” Giese said in the statement.
A Prime Target
Managed file transfer tools, such as Progress’ MOVEit Transfer, enable the ingestion of large volumes of data that can then be moved from point to point, making them an appealing target for data thieves.
To protect against data exfiltration attacks such as the MOVEit campaign, organizations should consider implementing “hardened” repositories for the most critical data, according to James Turgal, vice president for cyber risk, strategy and board relations at cybersecurity solutions and services firm Optiv.
Turgal, formerly an executive assistant director for the FBI’s Information and Technology Branch, told CRN that creating “resilient systems” such as these will be increasingly necessary amid the focus by some cybercriminals on data theft and extortion.
“If you’ve got containerized data repositories that the threat actors can’t get to, then even if they’re able to exfiltrate data, they’re not exfiltrating the most important data,” he said. “And so there’s no extortion aspect to it.”
While a series of vulnerabilities have been discovered since late May in Progress’ MOVEit Transfer and MOVEit Cloud tools, the original flaw (tracked as CVE-2023-34362) has been pinpointed as the source of Clop’s attacks.
The vulnerability, which was reported by Progress on May 31, can enable escalation of administrative privileges and unauthorized access, Progress has said.