Ipswitch Inc., maker of the MOVEit software, has seen its software become the target of a cyber attack on numerous federal agencies. While the specific agencies impacted remain mostly undisclosed, the attack is reportedly affecting a “small number” of them. The incident may have been executed by Russian hackers, with reported links to the group known as Clop. In the face of cyber threats, the US government continues to grapple with establishing consistent responses across agencies and centralizing data collection.
Key Points:
- MOVEit software, created by Ipswitch Inc., has been at the center of a cyber attack affecting multiple federal agencies. However, specifics about which agencies were affected are largely undisclosed, with only the Office of Personnel Management and the Department of Energy confirmed to be impacted.
- The cyber attack may have been conducted by Russian hackers, aligning with methods commonly used by the Russian group, Clop. These hackers are known for their opportunistic attacks and attempts to extort money in exchange for the release of stolen data.
- The Department of Justice has launched its National Security Cyber Section, aiming to improve rapid responses to cyber-enabled threats, supporting investigations and disruption efforts. This initiative aligns with the Biden administration’s earlier strategy, aimed at fortifying IT infrastructure and dealing with the ransomware threat.
- There is a reported lack of consistency across federal agencies regarding responses to cyber attacks, measurements of damage, and even definitions of cybercrime. This issue is further complicated by the lack of centralized data collection across the government.
- Data breaches at local, state, and federal agencies over the last eight years have reportedly cost governments about $26 billion. Legislation such as the Better Cybercrime Metrics Act and the Cyber Incident Reporting for Critical Infrastructure Act of 2022 have been enacted to tackle these cyber threats and improve responses, but full implementation and standardization continue to be challenges.
Continue reading at https://www.federaltimes.com/it-networks/2023/06/21/at-least-10-federal-agencies-contracted-with-hacked-software-maker/