In May 2023, one of the most widespread cybercriminal organizations, known as CLOP (or TA505), exploited a SQL injection vulnerability in MOVEit Transfer software, which is connected to countless databases of company information.
This Russian group of hackers planted a web shell nicknamed LEMURLOOT in the network of MOVEit, using it as a backdoor to infiltrate the web application and extract data.
Welcome to the era of cybercrime.
“We have this pop culture perspective that’s been given to us by various avenues that hackers work alone,” Edward Vasko, the director of the Institute for Pervasive Cybersecurity, said. “They’re individuals that are nefarious and so forth. The reality is it’s very organized, it’s very structured. And it actually leverages well known business models to conduct criminal activity.”
This massive data breach has been underway for the last couple of months, affecting 3,000 U.S. organizations and 8,000 global organizations, according to the Cybersecurity and Infrastructure Security Agency (CISA).
The list of targeted businesses and major companies includes everything from U.S. banks like First National Bankers Bank to oil giants like Shell and the well-known educational nonprofit National Student Clearinghouse. The U.S. Department of Energy, Shutterfly.com, American Airlines, Warner Bros and even the University of Idaho systems have been attacked.
Boise State University was targeted as well, and students and faculty were notified in an email sent out July 14, 2023, at 4:14 p.m.
National Student Clearinghouse alerted Boise State of the breach through MOVEit Transfer, the system they use for filing information, according to the email sent out by the Registrar Office.
“Boise State learned that personally identifiable information about some students was compromised as a result of the worldwide data breach,” the email stated.
The good news is that Boise State systems are not at risk, just the information linked to the third-party MOVEit Transfer software. Regardless, Boise State is in contact with the Idaho State Board of Education to oversee the situation as it progresses.
The landing page Boise State provided for updates said, “We believe some students and employees will receive letters in the mail advising that information you shared with Boise State and our vendors may have been compromised.”
Director of Media Relations, Mike Sharp, told The Arbiter in an email, “Boise State University was notified by the National Student Clearinghouse that July’s data breach affected sensitive information of three unenrolled Boise State students.”
The Clearinghouse will contact the impacted students. Information such as names, email addresses, etc. of other students may have been exposed as well.
“Boise State University continues to work with the Clearinghouse as they address their response to the MoveIt breach. A campus update is forthcoming,” Sharp wrote.
So what exactly happened? CLOP’s strategy of cybercrime is tied to ransomware, a type of malware that blocks a web system and demands money in return for rebooting the system, removing a virus or a bug, or returning stolen information.
It’s blackmail, and CLOP has been around the block a few times when it comes to demanding money in return for recovering company information.
Historically, CLOP discovers a zero-day flaw in a system, exploits that flaw, extracts data and then sends a ransom note to whatever company they target. In ransom notes, CLOP threatens to publish or sell all vulnerable information on the black market if their victims do not comply.
Viruses and phishing scams emerged in the 1990s alongside a new virtual reality. Since the beginning of the internet, cybercrime has existed, not for an era, but for thirty years give or take.
It’s no secret that even sharing information on social media platforms is taking a calculated risk. Accounts on Instagram, TikTok, Snapchat, Twitter, Facebook and more can be hacked. People can fake profile identities, scam users, engage in sextortion and commit other cybercrimes on social media, like trafficking, DM phishing and catfishing.
“I think the important thing to keep in mind is that these platforms are collecting information, they are receiving information from you that could be inappropriately leveraged,” Vasko said.
Living in a digital universe means that there will always be the danger of the dark web, malware, hackers and cybercrime.