{"id":43375,"date":"2023-12-15T13:12:50","date_gmt":"2023-12-15T18:12:50","guid":{"rendered":"https:\/\/www.itworldcanada.com?p=555317"},"modified":"2023-12-15T13:12:50","modified_gmt":"2023-12-15T18:12:50","slug":"dental-benefits-group-notifying-almost-7-million-americans-of-moveit-data-theft","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/dental-benefits-group-notifying-almost-7-million-americans-of-moveit-data-theft\/","title":{"rendered":"Dental benefits group notifying almost 7 million Americans of MOVEit data theft"},"content":{"rendered":"<p>Almost 7 million U.S. residents are being notified by a dental benefits provider that their personal information was stolen in one of the biggest single attacks involving the MOVEit file transfer application.<\/p>\n<p>Delta Dental of California and its affiliates, which provide dental benefits to individuals through commercial groups, <a href=\"https:\/\/apps.web.maine.gov\/online\/aeviewer\/ME\/40\/0f821b31-9e4f-4b15-872c-69fef62a93fa.shtml\"  rel=\"noopener\">said the attacker copied<\/a> subscribers&#8217; names, Delta financial account number or their credit\/debit card numbers, along with security access codes, passwords or PIN numbers with the accounts. Passport numbers in some cases were also copied.<\/p>\n<p><a href=\"https:\/\/www.emsisoft.com\/en\/blog\/44123\/unpacking-the-moveit-breach-statistics-and-analysis\/\"  rel=\"noopener\">According to numbers tracked by Emsisoft<\/a>, this is the third biggest publicly confirmed data theft from an individual company so far. The biggest is Maximus Inc., a U.S. government services provider, which said information on 11.3 million people was stolen from its MOVEit Transfer system.<\/p>\n<p>The Clop\/Cl0p ransomware gang has taken credit for discovering and exploiting a zero day vulnerability allowing it to bypass multifactor authentication on both on-premises and cloud versions of Progress Software&#8217;s MOVEit application.<\/p>\n<p>The vulnerability, <span data-contrast=\"none\"><a href=\"https:\/\/community.progress.com\/s\/article\/MOVEit-Transfer-Critical-Vulnerability-31May2023\"  rel=\"noopener\">CVE-2023-34362<\/a>, has been assigned a severity rating of 9.8 out of 10.\u00a0<\/span><\/p>\n<p>U.S.-based organizations account for 78.4 per cent of known victims, Emsisoft says, Canada-based 13.8 percent and Germany-based 1.4 per cent. The most heavily impacted sectors are education (40.0 percent), health (19.6 percent), and finance and professional services (12.7 percent).<\/p>\n<p><a href=\"https:\/\/www.kroll.com\/en\/insights\/publications\/cyber\/moveit-vulnerability-investigations-uncover-additional-exfiltration-method\"  rel=\"noopener\">According to researchers at Kroll LLC<\/a>, the most common technique of compromise involved a dropped web shell to inject a session or create a malicious account. From there, threat actors were able to reauthenticate and use the MOVEit application itself to transfer files.<\/p>\n<p>However, in a few instances, the attacker passed three variables to the web shell: The organization ID, the folder ID and the file name. From there, the web shell utilized MOVEit API calls for file enumeration and data exfiltration. A Python script was used exfiltrate data during the initial wave of co-ordinated and largely automated attacks across MOVEit servers.<\/p>\n<p>Kroll forensic analysis <a href=\"https:\/\/www.kroll.com\/en\/insights\/publications\/cyber\/clop-ransomware-moveit-transfer-vulnerability-cve-2023-34362\"  rel=\"noopener\">has also seen activity<\/a> suggesting the Clop gang was likely experimenting with ways to exploit this particular vulnerability as far back as 2021.<\/p>\n<p>The post <a href=\"https:\/\/www.itworldcanada.com\/article\/dental-benefits-group-notifying-almost-7-million-americans-of-moveit-data-theft\/555317\">Dental benefits group notifying almost 7 million Americans of MOVEit data theft<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Delta Dental says attacker stole names, account numbers and credit\/debit ca<\/p>\n","protected":false},"author":17,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[361,16],"tags":[425,391,924,393,275],"class_list":["post-43375","post","type-post","status-publish","format-standard","hentry","category-privacy","category-security","tag-data-breach","tag-di","tag-moveit","tag-security-strategies","tag-top-story"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/43375","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=43375"}],"version-history":[{"count":1,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/43375\/revisions"}],"predecessor-version":[{"id":43376,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/43375\/revisions\/43376"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=43375"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=43375"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=43375"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}