Welcome to the
Fraud of the Day Website!

Search
Close this search box.

Kicks And Giggles

md2
Senior Director of Strategic Alliances
LexisNexis Risk Solutions - Government

This is is not new news anymore, but the size of the fraud is worth repeating. In early 2023, a massive cyber-attack successfully stole millions of identities from organizations that used the software MOVEit. MOVEit was a protocol that easily collected, stored, and distributed large files of information between organizations and entities…securely, according to Progress Software. Unfortunately, a Russian ransom gang, called Clop, proved Progress Software wrong. Clop is now rolling out on its dark website, the list of 121 organizations who are victims from its hack. And ten of these are U.S. Federal agencies.

Federal agencies that are known to use MOVEit include the Pentagon, Department of the Interior, The Transportation Security Administration, the State Department, and the U.S. Army. Not agencies that we want to be hacked! Who are the victims of this hack? What information was stolen? Your guess is as good as anyone’s. Because the Department of Homeland Security isn’t going to share the details. According to Cybersecurity and Infrastructure Security Agency (CISA), the DHS branch responsible for strengthening cybersecurity and infrastructure protection, it is against the policy to share cyber-attack details. The only thing that CISA has had to say is that they believe this attack was “opportunistic”. Whom the opportunity was for, they don’t say. But they believe there is no reason to believe that the data stolen has been leveraged in any way. Because fraudsters are really just jokers.  A bunch of guys hacking databases for kicks and giggles. Although, Clop did announce on its dark website that its victims had until June 28, 2023, to negotiate a ransom or risk having sensitive stolen data dumped online. That’s not so funny.

The Department of Energy is the only federal agency that has confirmed they were among those breached. DOE took immediate steps to prevent further exposure and mitigate impacts from this attack. But it doesn’t reverse the damage for the tens of thousands of individuals who had their personal identifying information stolen.

Today’s Fraud Of The Day is based on “At least 10 federal agencies contracted with hacked software maker” published by Federal Times on June 21, 2023

At least 10 federal agencies have contracted with Ipswitch Inc., maker of the MOVEit software at the center of a cyber attack on government networks this month, federal procurement data show. The attack affecting a “small number” of government agencies is still being assessed, officials at the Cybersecurity and Infrastructure Security Agency have said.

CISA, which monitors cyber threats and recommends policies and tools to combat them, would not say which agencies were attacked, So, far the Smithsonian Institute and the Department of the Interior denied being impacted. The Transportation Security Administration and the State Department told CNN, which first reported the hack, they also not affected by the hack. The Pentagon would not say whether it was affected, citing policy and reasons of operations security.

Related Articles

Get Your Fraud Fix!

Five days a week wake up to the most current fraud article in your inbox

Contact Us

Thank you for your interest in Fraud of the Day. For more information, please complete the following form.
To receive the most current fraud articles direct to your inbox, click the Subscribe button above.

"*" indicates required fields

This field is hidden when viewing the form
Would you like to subscribe to our Blog?
We respect your privacy.
This field is for validation purposes and should be left unchanged.

SUBSCRIBE TODAY

Fill out the form below to receive the Daily Fraud Highlight, the Weekly Fraud Summary or both. Thank you for your interest in FraudoftheDay.com.

"*" indicates required fields

Name*
Subscription Type*
This field is for validation purposes and should be left unchanged.