Fortifying Cyber Defense via Zero Trust Data Access: The Recent GoAnywhere and MOVEit Ransomware Breaches

The recent GoAnywhere and MOVEit breaches reinforce the need for a more robust alternative based on a zero-trust data access architecture.


Unstructured Data Governance: The Achilles’ Heel of Cybersecurity

The MOVEit breach exposed the personal and sensitive information of over 60 million individuals. Managing unstructured data has recently emerged as one of the most difficult data governance and control challenges facing IT. The main reasons for this complexity include:

  • The sheer size and number of assets for even the smallest organization
  • Ever-evolving access requirements
  • The time required to maintain (care for and feed) such ecosystems using traditional, one-off means
  • The increasing number of individuals who need to access said data

Unstructured Data Theft: The MOVEit Breach and Other Recent Ransomware Attacks

Threat actors are specifically interested in unstructured data because, beyond the brand damage a leak causes, the contents may be valuable to several parties, including external actors. Groups including Karakurt, Akira, Dark Angels and Cl0p (Clop) are focusing more of their attention on the theft of unstructured data as their primary practice, rather than also encrypting systems with ransomware.

Ransom demands tied to data exfiltration have skyrocketed, averaging $1.7M per incident, with demands reaching $180M at the upper end. Meanwhile, ransomware incidents that only lock systems and do not exfiltrate data have seen their ransom demands drop to an average of $100K, with maximum demands of around $2M.

These numbers demonstrate the value of business information and the cyber risk associated with such information.

Over the past two years, one group has generated an estimated $300M in payments by focusing almost solely on file transfer mechanisms. Threat intelligence sources assess that the Cl0p group was behind the Accellion, GoAnywhere and MOVEit file transfer zero-day attacks, which impacted thousands of organizations, including the majority of the Fortune 100.

Our threat intelligence investigation found that Cl0p clearly understood that mature organizations would already have recognized that the sharing of unstructured data must be secured, and that, given the manual effort involved in managing such initiatives, they would turn to an automated application to solve the problem. Cl0p therefore worked to purchase or research vulnerabilities in exactly those systems: the sheer volume of files and data that accumulates in a managed file transfer environment makes compromising one very lucrative.

The trend of attacking traditional file transfer mechanisms built on first-generation architectures is expected to continue, and it is already spreading to adjacent products: it was recently disclosed that Cl0p is exploiting CVE-2023-47246 in the SysAid IT service management product suite to gain access and steal unstructured files. Where an ecosystem is massively exploitable, terabytes of information are being stolen in the span of a few hours.

These massive breaches serve as a stark reminder of the interconnectedness and vulnerabilities within our digital ecosystem, underscoring the need for robust cybersecurity measures and rapid response strategies.

The Paradigm Shift to Zero Trust Data Access: FileFlex’s Tailored Defense against Breaches

What is required is a paradigm change in which controls are put in place so that each deployment is unique, to the point that the concept of a single zero-day affecting the whole ecosystem no longer applies. This is where FileFlex is different.

FileFlex emphasizes Zero Trust Data Access (ZTDA), which involves micro-segmentation down to the file or folder level. This approach enhances security by ensuring that only the data a given user actually needs is accessible to them, reducing the attack surface. Applying this approach to data access and sharing would have mitigated the impact of the MOVEit breach.

The MOVEit breach involved unauthorized access to large volumes of sensitive data, including student records in educational institutions. By implementing ZTDA and micro-segmentation, FileFlex's approach could have limited access to specific files or folders, potentially preventing widespread unauthorized data access. This aligns with the principles of Zero Trust, where trust is never assumed and verification is required from anyone trying to access resources in a network.
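The difference between the two access models described above can be made concrete in code. The following is an added illustration written for this article, not FileFlex or Qnext code: it contrasts a share-wide model (any authenticated session reaches every file on the transfer share, which is what made bulk exfiltration from a single compromised server so cheap) with a deny-by-default model in which every request is authorized against explicit per-file and per-folder grants. The file names, principals and grants are constructed for the example, and the path normalization step is included because a folder-level grant is only meaningful if `..` segments cannot escape it.

```python
"""Zero-trust, file/folder-level access control (micro-segmentation).

Added example, not FileFlex or Qnext code. Two authorization styles are
modelled on constructed data:
  - share_wide_allowed: once a session is authenticated it may reach every
    file under the share (the legacy managed-file-transfer model).
  - micro_segmented_allowed: every request is checked against an explicit
    grant list for this principal, this canonical path and this action;
    anything not explicitly granted is denied.
All paths, principals and grants below are made up for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass
from posixpath import normpath


@dataclass(frozen=True)
class Grant:
    principal: str   # user or service identity making the request
    path: str        # a single file, or a folder prefix ending in "/"
    action: str      # "read" or "write"


# Constructed sample share contents (not real data).
FILES = [
    "/hr/payroll/2023-q3.xlsx",
    "/hr/payroll/2023-q4.xlsx",
    "/students/records/12345.pdf",
    "/vendors/acme/contract.pdf",
    "/vendors/acme/invoice-001.pdf",
]

# Constructed grant list: a vendor may read its own folder and write one
# invoice; an HR analyst may read exactly one payroll file.
GRANTS = [
    Grant("vendor-acme", "/vendors/acme/", "read"),
    Grant("vendor-acme", "/vendors/acme/invoice-001.pdf", "write"),
    Grant("hr-analyst", "/hr/payroll/2023-q4.xlsx", "read"),
]


def canonical(path: str) -> str:
    """Anchor the path at the share root and collapse '.' and '..' segments,
    so a request such as '/vendors/acme/../../hr/x' is authorized as '/hr/x'."""
    return normpath("/" + path.lstrip("/"))


def share_wide_allowed(authenticated: bool, path: str, action: str) -> bool:
    """Legacy model: any authenticated session may touch any file on the share."""
    return authenticated


def micro_segmented_allowed(grants: list[Grant], principal: str,
                            path: str, action: str) -> bool:
    """Zero-trust model: deny unless an explicit grant covers this principal,
    this canonical path and this action."""
    target = canonical(path)
    for g in grants:
        if g.principal != principal or g.action != action:
            continue
        gpath = canonical(g.path)
        if g.path.endswith("/"):
            # Folder grant: the target must be the folder itself or strictly
            # inside it ("/vendors/acme-corp/x" must not match "/vendors/acme/").
            if target == gpath or target.startswith(gpath.rstrip("/") + "/"):
                return True
        elif target == gpath:
            return True
    return False


def blast_radius(authorize, all_files: list[str], *ctx) -> list[str]:
    """Files a single compromised session or account could read under a model.
    `ctx` is the model-specific context passed ahead of (path, action)."""
    return [f for f in all_files if authorize(*ctx, f, "read")]


if __name__ == "__main__":
    print("share-wide, one stolen session:",
          blast_radius(share_wide_allowed, FILES, True))
    print("micro-segmented, vendor-acme compromised:",
          blast_radius(micro_segmented_allowed, FILES, GRANTS, "vendor-acme"))
    print("traversal attempt allowed?",
          micro_segmented_allowed(GRANTS, "vendor-acme",
                                  "/vendors/acme/../../hr/payroll/2023-q3.xlsx",
                                  "read"))
```

The point of `blast_radius` is the comparison: with the share-wide model a single stolen session yields the entire share, while with per-file grants the same compromise yields only the two files the vendor was granted, and a traversal attempt out of the granted folder is denied because the request is normalized before the grant is matched.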

While the conventional applications being exploited are "traditional" in their centralized, cloud-facing management approach, each FileFlex deployment differs enough from the next that a single zero-day could not be exploited against all of them from one central place.

Conclusion – Fortifying Cyber Defense Against Unstructured Data Breaches with FileFlex’s Zero Trust Data Access

The escalating threat posed by unstructured data breaches underscores the critical need for enhanced cybersecurity measures. As threat actors increasingly target valuable unstructured data, FileFlex’s innovative Zero Trust Data Access (ZTDA) presents a tailored defense mechanism. This paradigm shift, advocating for unique deployment controls and micro-segmentation, not only minimizes the attack surface but also aligns with Zero Trust principles, serving as a potent safeguard against potential breaches, as highlighted by the MOVEit incident and the rising trend of targeted attacks.

For further reading see Top 11 Ways Zero Trust Data Access Aids Unstructured Data Management, and Why You Need Zero Trust Data Access Micro-Segmentation.

Mr. Dubrovsky serves as Executive Cyber Advisor to the CEO and Board of Qnext and is a leading information security expert and management executive who has built and led cyber consulting practices for nearly three decades. He holds a number of academic and industry certifications, including BSc, MSc, MBA, OSCP, and the CISSP designation, and can also be found teaching at York University’s cybersecurity program where he sits on the advisory board and acts as both a course developer and an instructor.