3rd Party Risk Management , Governance & Risk Management

Lessons to Learn From Clop's MOVEit Supply Chain Attacks

Data Minimization and Encryption Mitigate Fallout, Says FS-ISAC's Teresa Walsh
Teresa Walsh, chief intelligence officer and managing director for EMEA, FS-ISAC

Hundreds of organizations fell victim to a supply chain attack unleashed at the end of May. That's when the Clop ransomware group used a zero-day flaw to steal data being stored on instances of MOVEit secure file transfer software, built by Progress Software and used widely across the public and private sectors.

See Also: Live Webinar | Maximizing Security Investments Part 2: Uncovering Hidden Budget and Optimizing Cybersecurity Spend

While stopping a zero-day attack is never easy and sometimes impossible, some victims' exposure to the MOVEit attacks was minimal, thanks to not leaving data on their MOVEit instance, said Teresa Walsh, chief intelligence officer and managing director for EMEA at FS-ISAC, which is the financial services industry's information sharing and analysis center.

"Some companies might have only had one or two files exposed, and that was because - probably - they were really good about taking it off the instance as soon as they were done transferring the file," she said. As a result, unlike organizations that had dozens of files or more get exposed, organizations with better cyber hygiene - including minimizing the data they keep - may have only lost a file or two. Or users who had enabled and configured built-in encryption capabilities may have lost no files at all.

In this interview with Information Security Media Group, Walsh discussed:

  • The fallout from Clop's supply chain attacks, mostly recently against MOVEit users;
  • Why file transfer utilities continue to be a top target of ransomware groups;
  • Essential preventive measures and assurance and detective controls that all secure file transfer tool users should employ.

Walsh leads FS-ISAC's Global Intelligence Office to protect the financial sector against cyberthreats by delivering actionable strategic, operational and tactical intelligence products. Based in the U.K., she oversees FS-ISAC's global member-sharing operations and a team of regional intelligence officers and analysts who monitor emerging threats. Previously, she served as the Europe, Middle East and Africa lead for fraud intelligence and external relationships at JPMorgan. She previously served as a cyber intelligence analyst for Citigroup in the U.S. and Europe. Walsh began her career as a civilian intelligence analyst with the U.S. Naval Criminal Investigative Service.


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.