MOVEit Transfer hack: What steps Middle East firms can adopt to counter attacks


Since the end of May, a widespread cyberattack has been targeting numerous banks, consultancies, legal firms, and major energy companies in the United States and United Kingdom. The attack exploits a vulnerability in MOVEit Transfer, a software tool commonly used by corporations and enterprises to share large files over the internet.

Since mid-June, the hacker group known as FIN11 has been publicly listing the names of the organizations it has targeted for ransomware attacks and extortion on its name-and-shame website.


According to Jamie Collier, a Senior Threat Intelligence Advisor at Mandiant, a cybersecurity company affiliated with Google, organizations in the Middle East can proactively protect themselves by adopting a needs-focused approach to threat intelligence. Although the attack has not yet affected the region, adopting this approach will enable them to stay prepared and avert potential harm.

During an interview with Al Arabiya English, Collier mentioned that threat intelligence teams operate in environments where resources are limited. However, the magnitude of cyber threats that organizations confront has reached unprecedented levels. According to recent research conducted by Mandiant, 79 percent of those responsible for making security decisions generally lack information about their adversaries.

Companies that adopt a 'needs-focused method' can greatly enhance the effectiveness, usefulness, and worth of an intelligence initiative.

"However, a well-defined approach is essential," stated Collier, a prominent figure in threat analysis who has acquired extensive knowledge through firsthand experience in the field of safeguarding digital infrastructure.

Collier stated that, in basic language, "it is essential for an intelligence group to consistently concentrate on the demands of their organization -- these are referred to as 'necessities.' A Cyber Threat Intelligence (CTI) group should commence with these necessities and utilize them as a blueprint for all their tasks, starting from gathering data to disseminating valuable perspectives to others."

Once a report is finished and distributed to the appropriate individuals, it is important for the team to receive feedback and reassess their initial needs in order to maintain a steady and ongoing enhancement.

Collier suggests that the utmost priority should be on fulfilling the demands of the parties involved and reassessing their expectations.

This journey is an ongoing one, and it must have room for adjustment and versatility. When executed effectively, it will establish benchmarks, enhance safety measures, and integrate intelligence as a crucial element of an organization's security.

According to Collier, intelligence teams have the ability to create more customized intelligence products if they possess a deep understanding of their organization's distinctive circumstances.

"For example, if a team of experts in intelligence is aware that a team responsible for managing vulnerabilities is finding it difficult to prioritize their efforts in applying patches, sharing information about vulnerabilities that are actively being exploited in the same industry and geographical area as the organization can greatly improve their effectiveness," he explained.

Cybersecurity: Growing Regional Trends

Phishing and spear phishing attacks are frequently directed towards both businesses and individuals in the Middle East. The local population is accustomed to receiving fraudulent text messages claiming to be from institutions like the Central Bank or Police, with the aim of deceiving them into revealing their banking information, according to Renze Jongman, a Threat Intelligence Advisor (MEA) from Mandiant, who spoke to Al Arabiya English.

"But the issue goes beyond minor deception," he stated. "For instance, highly organized criminals as well as individuals sponsored by the government may aim at unsuspecting individuals through fabricated job prospects. Likewise, companies seeking specific expertise frequently fall prey to counterfeit curriculum vitae. The moment a recruiter opens the document, malicious software is implanted into their computer system."

He added, "By focusing on particular firms or sectors, cyber culprits can closely target valuable objectives, while espionage agents can gather classified and secretive data regarding highly specific subjects. Ultimately, individuals seeking employment would willingly discuss their past professional experiences."

Mandiant recently released its M-Trends 2023 report, which provides valuable information about the current state of cybersecurity threats. According to their research, spear phishing, a method in which cybercriminals aim to steal important data like login details or financial information from specific individuals, is the most common attack technique in the EMEA region. On the other hand, in other parts of the world, exploit kits, which are tools designed to take advantage of vulnerabilities in a user's system automatically, are more prevalent.

Jongman also provided an in-depth analysis of the consequences of the attack on MOVEit Transfer, both globally and for the Middle East.

Jongman told Al Arabiya English that the cybercriminal gang FIN11, also known as Cl0P, is targeting businesses that rely on Progress Software's MOVEit Transfer. The software is widely used by numerous organizations, including those in the Middle East, to transfer files securely.

FIN11 operates by searching the web for companies that use the software and then attempting to exploit a vulnerability that was detected by Progress in May. Once they succeed, they seize the data stored on the server and use it as leverage to demand payment from the targeted organization. FIN11 threatens to publish the stolen information on the internet if organizations refuse to meet its ransom demands.

Jongman stated that incidents like these have a much wider reach than just the affected organizations. They have a direct impact on regular individuals as well. The amount of personal data that has been stolen is substantial. Once this information is exposed, other malicious actors can access it and use it for identity theft, fraud, and phishing. This is a major concern, particularly in the Middle East.

He advised that companies using MOVEit Transfer must promptly take action to safeguard their data and clients.

Progress Software has released a range of updates that should be applied without delay. Mandiant has published a comprehensive guide containing additional instructions to help organizations strengthen their defenses.
