Description

The state of Maine recently confirmed that their systems were victims of the MOVEit zero-day vulnerability attack that has impacted at least 1,000 organizations and 60 million individuals since it first appeared on the scene in May of 2023. The state has determined that information of approximately 1.3 million residents, nearly its entire population, was compromised in an attack conducted by a Russian hacking group named CLOP who has taken credit for the MOVEit attacks. MOVEit is a highly popular automated secure FTP application used to move files using an encrypted channel. The attack took place between May 28 and 29, 2023 and affected multiple departments including the Maine Department of Health and Human Services, the Maine Department of Education, the Maine Bureau of Motor Vehicles amongst others. The types of information compromised in the attack included names, social security numbers (SSN), birthdates, driver’s license numbers and taxpayer IDs. Maine confirmed that the breach was limited to the MOVEit file transfer application and did not extend to other systems. The state has issued a public notice to inform its residents about the attack and provide guidance.


Identify Indicators of Compromise (IoC)

The State of Maine, like numerous other organizations, was alerted to the MOVEit attack on May 31, 2023, following a notification from Progress Software, the creators of MOVEit, about the vulnerability. Subsequently, the state’s IT department confirmed that the application had been compromised.

Actions Taken

Upon learning of the MOVEit attack, the State’s internal IT team promptly took protective measures that included restricting internet access to the MOVEit server. They followed security recommendations from Progress Software, sought legal advice, and engaged with cybersecurity experts for a thorough investigation to determine the attack’s nature, scope, and the specific data compromised.

Since the onset of the incident, the cybercriminals involved claimed their primary targets were businesses, with a promise to erase data obtained from certain entities, including governments. Despite this assertion, the State of Maine is taking no chances and is urging individuals to take their recommended steps to protect their personal information (PI). The state is encouraging its residents to reach out to its dedicated call center to verify the specific data of theirs that was compromised. The state is also offering two years of complimentary credit monitoring and identity theft protection services to any individual whose social security numbers or taxpayer identification numbers were compromised in the attack.

Prevention

Your organization is only as secure as the components comprised within your enterprise, including third party applications such as MOVEit. Here are some proactive measures you can take to ensure the security posture of third-party applications, hardware, and services.

  1. Perform due diligence before signing any agreements to ensure that third parties have the same level of security as your own organization. Don’t feel inhibited to inquire about their security strategies and incident response plans (IRP).
  2. It’s crucial to regularly update and patch all software, not just operating systems. Stay informed about patches released by vendors for known vulnerabilities in their applications.
  3. Adhere to a schedule for regular vulnerability scans and penetration tests to identify security weaknesses so that they can be quickly addressed.
  4. Isolate critical systems and applications, especially those facing the internet, through network segmentation. This approach limits the spread and impact of any unauthorized access or malware that may infect one particular system.
  5. Use advanced monitoring and observability tools to track suspicious activity or anomalies that may indicate a cyber incident. This is especially pertinent for identifying and responding to zero-day attacks, which often lack prior warning.

If you are unfamiliar with the various types of security assessments or want more information on how vulnerability scans and penetration tests can aid your IT or security team, we encourage you to contact one of our security specialists at Halock Security Labs who can answer all your questions.