A recent data breach has been confirmed by the Metro Vancouver Transit Police, following the discovery of a vulnerability in the MOVEit file transfer software. The cyber attack, which was attributed to a Russian cyber-extortion gang known as Cl0p, resulted in the exposure of 186 files.
In a tweet, the media relations team for the Metro Vancouver Transit Police informed the public about the limited number of files that were accessed during the cyber attack on MOVEit. According to a news release addressing the data breach, the files were transferred using the vulnerable MOVEit software, which has since been patched and repaired to address the security vulnerability.
Fortunately, the cyber attack on the Metro Vancouver Transit Police is not expected to have any significant impact on ongoing prosecutions or police investigations. However, the incident is currently being investigated by the RCMP Cybercrime Investigative Team in Montreal and Vancouver.
The vulnerability in MOVEit was first identified and addressed by Progress, the company responsible for the software, on May 31, 2023. In a tweet, the company urged users to protect their data, as data breaches could occur due to the vulnerability. It was later discovered that the cyber attacks had been executed since the Memorial Day holiday in the United States, which took place from May 27 to May 30.
Progress has been actively addressing the vulnerabilities in MOVEit and providing patch notifications to its users. The company specifically named and addressed three vulnerabilities – CVE-2023-34362, CVE-2023-35036, and CVE-2023-35708 – in its patch updates. MOVEit Cloud, the affected service, was patched and fully restored, with the company temporarily taking HTTPs traffic offline to ensure security.
Despite these efforts, Cl0p managed to breach and demand ransom from nearly 63 companies, as revealed in a tweet by Threat Analyst Brett Callow. In response to this, the FBI and the Cybersecurity & Infrastructure Agency of the USA have announced a $10 million reward for any information about Cl0p. The Rewards for Justice website has posted the reward, hoping to gather actionable information that can put an end to the chaos caused by the ransomware group.
Interestingly, it was observed that Cl0p temporarily stopped posting names of victims on June 16, shortly after the police made the reward announcement on social media platforms. This suggests that the group may have been deterred by the increased attention and the potential consequences of their actions.
The investigation into the Metro Vancouver Transit Police data breach is ongoing, and further updates are expected in the coming days. In the meantime, users are advised to remain vigilant and take necessary precautions to protect their data and systems from potential cyber attacks.