#109 - Hacker History: The MOVEit cyberattack

The Cybersecurity Defenders Podcast

Mar 13 2024 • 19 mins

In this episode of The Cybersecurity Defenders Podcast, we recount some hacker history, and with the help of John Hammond, Principal Security Researcher at Huntress, tell the story of the MOVEit cyberattack: the biggest data theft of 2023.

The MOVEit cyberbreach, was a far-reaching cyber attack that unfolded with significant implications worldwide. The breach initially came to light on June 3, when the Government of Nova Scotia disclosed that approximately 100,000 of its current and former employees had been affected, signaling the severity of the breach's impact.

The scope of the breach widened on June 5, as it became apparent that numerous organizations in the United Kingdom had also fallen victim. Among those affected were prominent entities such as the BBC, British Airways, Boots, Aer Lingus, and the payroll service provider Zellis. This phase of the breach underscored its indiscriminate nature, with targets spanning across various sectors.

Further developments were reported on June 12, with major organizations like Ernst & Young, Transport for London, and Ofcom announcing their entanglement in the breach. Of particular concern was Ofcom's revelation that personal and confidential information had been compromised, highlighting the breach's capacity to infiltrate and extract sensitive data.

The United States felt the breach's ramifications by June 15, with reports confirming that the Department of Energy, among other federal entities, was impacted by the MOVEit vulnerability. The breach's reach extended further on June 16, affecting state-level organizations such as the Louisiana Office of Motor Vehicles and Oregon Driver and Motor Vehicle Services, thereby impacting millions of American residents.

By October 25, 2023, a report from the cybersecurity firm Emsisoft indicated that the MOVEit cyberbreach had affected over 2,500 organizations globally, with a significant 80% of these being based in the United States. This breach highlights the critical vulnerabilities within digital infrastructures and underscores the urgent need for enhanced security measures to protect against such widespread cyber threats.

This story was written by the talented Nathaniel Nelson and produced by the team at LimaCharlie.

And a special thank you to John Hammond, Principal Security researcher at Huntress, for sharing his expertise and experience

If you have any feedback or ideas for future topics or guests, please send an email to defenders@limacharlie.io.

You Might Like

TED Radio Hour
TED Radio Hour
NPR
Acquired
Acquired
Ben Gilbert and David Rosenthal
Darknet Diaries
Darknet Diaries
Jack Rhysider
Hard Fork
Hard Fork
The New York Times
Marketplace Tech
Marketplace Tech
Marketplace
Kim Komando Today
Kim Komando Today
Kim Komando
All-In with Chamath, Jason, Sacks & Friedberg
All-In with Chamath, Jason, Sacks & Friedberg
All-In Podcast, LLC
This Week in Tech (Audio)
This Week in Tech (Audio)
TWiT
Daily Tech News Show
Daily Tech News Show
Tom Merritt
WSJ’s The Future of Everything
WSJ’s The Future of Everything
The Wall Street Journal
Security Now (Audio)
Security Now (Audio)
TWiT
Elon Musk Podcast
Elon Musk Podcast
Stage Zero
TechStuff
TechStuff
iHeartPodcasts
Ask The Tech Guys (Audio)
Ask The Tech Guys (Audio)
TWiT
Rich On Tech
Rich On Tech
Rich DeMuro
Endless Thread
Endless Thread
WBUR
The Artificial Intelligence Podcast
The Artificial Intelligence Podcast
Dr. Tony Hoang
The Vergecast
The Vergecast
The Verge
Lofi ~ Sleep/Chill
Lofi ~ Sleep/Chill
Lofi King
Fortnite Emotes
Fortnite Emotes
Lawrence Hopkinson