Lessons to Learn From Clop's MOVEit Supply Chain AttacksData Minimization and Encryption Mitigate Fallout, Says FS-ISAC's Teresa Walsh
Hundreds of organizations fell victim to a supply chain attack unleashed at the end of May. That's when the Clop ransomware group used a zero-day flaw to steal data being stored on instances of MOVEit secure file transfer software, built by Progress Software and used widely across the public and private sectors.
While stopping a zero-day attack is never easy and sometimes impossible, some victims' exposure to the MOVEit attacks was minimal, thanks to not leaving data on their MOVEit instance, said Teresa Walsh, chief intelligence officer and managing director for EMEA at FS-ISAC, which is the financial services industry's information sharing and analysis center.
"Some companies might have only had one or two files exposed, and that was because - probably - they were really good about taking it off the instance as soon as they were done transferring the file," she said. As a result, unlike organizations that had dozens of files or more get exposed, organizations with better cyber hygiene - including minimizing the data they keep - may have only lost a file or two. Or users who had enabled and configured built-in encryption capabilities may have lost no files at all.
In this interview with Information Security Media Group, Walsh discussed:
- The fallout from Clop's supply chain attacks, mostly recently against MOVEit users;
- Why file transfer utilities continue to be a top target of ransomware groups;
- Essential preventive measures and assurance and detective controls that all secure file transfer tool users should employ.
Walsh leads FS-ISAC's Global Intelligence Office to protect the financial sector against cyberthreats by delivering actionable strategic, operational and tactical intelligence products. Based in the U.K., she oversees FS-ISAC's global member-sharing operations and a team of regional intelligence officers and analysts who monitor emerging threats. Previously, she served as the Europe, Middle East and Africa lead for fraud intelligence and external relationships at JPMorgan. She previously served as a cyber intelligence analyst for Citigroup in the U.S. and Europe. Walsh began her career as a civilian intelligence analyst with the U.S. Naval Criminal Investigative Service.