Gen Digital, the parent company of cybersecurity subsidiaries such as Avast and Norton, confirmed on June 20 that the personal information of its employees was compromised in yet another a MOVEit ransomware attack.
The company stated that it was affected by a ransomware attack in response to inquiries, confirming that personal information such as names, addresses, employee IDs, and email addresses were revealed.
“We use MOVEit for file transfers and have remediated all of the known vulnerabilities in the system. When we learned of this matter, we acted immediately to protect our environment and investigate the potential impact. We have confirmed that there was no impact to our core IT systems and our services and that no customer or partner data has been exposed,” according to Gen Digital’s public notice, which further confirmed that it informed all parties that may have been affected, as well as data protection regulators.
The bug, a critical-severity SQL injection tracked as CVE-2023-34362, started out as a zero-day vulnerability that has been part of an exploitation campaign at the hands of Cl0p ransomware gang. The attack is ongoing even post-patch, and has targeted more than 100 companies and organizations so far.
“As a general best practice, we advise never to directly allow for apps like MOVEit Transfer to be directly exposed to the Internet in cloud environments,” said Amitai Cohen, attack vector intel lead at Wiz, in an emailed statement. “Instead, place the app behind a VPN, a reverse proxy or a single sign-on (SSO) landing page. This strategy will help to mitigate the effect of potential attacks exploiting vulnerable or misconfigured application endpoints and other attacks that are similar in nature.”