The University of Colorado has confirmed that it was indirectly impacted by the MOVEit exploitation.
Two third-party vendors serving the University of Colorado were impacted by the MOVEit Transfer cyber attack. This exposed the data belonging to some CU community members.
The University of Colorado cyber attack occurred due to the exploitation of third-party vendors — National Student Clearinghouse (NSC) and Teachers Insurance and Annuity Association of America (TIAA).
University of Colorado cyber attack
In a notice to its community members, the University of Colorado wrote, “Recently, two of our vendors, TIAA and National Student Clearinghouse (NSC), notified the University of Colorado that they were impacted by the global cyberattack against the MOVEit Transfer software owned by Progress Software.”
The compromised data from the University of Colorado cyber attack includes information about prospective and present students and former and current employees.
The NSC used the student tracker service of MOVEit while the University of Colorado used the NSC for educational research and reporting services. Similarly, the Madison College cyber attack was due to the compromise of NSC used by the college.
TIAA is used by the University of Colorado for retirement plan record maintenance. TIAA was not directly impacted by the MOVEit transfer, however, due to its vendor, the PBI. The Pension Benefit Information, LLC (PBI) provides death claim and beneficiary processes to TIAA.
PBI cyber attack
The PBI cyber attack was confirmed by the organization in a notice to its business clients.
“At the end of May, Progress Software identified a cyberattack in their MOVEit software that did impact a small percentage of our clients who use the MOVEit administrative portal software resulting in access to private records,” said the disclosure.
PBI patched the systems and notified the impacted clients who used the MOVEit administrative portal software, the notice added.
MOVEit file transfer cyber attack impact so far
Besides the PBI security incident, TIAA, NSC, and the University of Colorado cyber attack, the number of targeted organizations has reached 257.
According to research by Threat Analyst Brett Callow, 25 schools in the United States were impacted by the MOVEit security breach. This exposed the data of nearly 17,750,524 individuals, he stated in a recent Tweet.
CISA’s notice for three MOVEit vulnerabilities
In an alert posted last week, the Cybersecurity & Infrastructure Security Agency urged users to apply updates for the latest MOVEit Transfer vulnerabilities.
The MOVEit Transfer article offered latest service packs for three new vulnerabilities in its software.
- CVE-2023-36934, a critical, SQL injection vulnerability allowing unauthorized access to the MOVEit Transfer database.
- CVE-2023-36932, a high-severity SQL injection vulnerability was found in the MOVEit Transfer web application could allow unauthorized access to the MOVEit database.
- CVE-2023-36933, a high-severity vulnerability could allow a hacker to cause an unhandled exception and terminate the MOVEit Transfer application.
Cl0p and file transfer services
The previous cyber attacks on solutions that offered file transfer services to clients led to the compromise of countless records of individuals. It is observed that Cl0p targeted file-transferring facilities strategically to gain access to several of its clients in the past.
The Fortra zero-day exploitation in the GoAnywhere MFT announced in February 2023, and the Acccellion cyber attack explains how Cl0p looks for zero days to exploit. It gains access to hundreds of the targeted company’s clients and extorts money for the exfiltrated data.
This makes it clear that file-transfer providing services must create a cybersecurity team for bug hunting, a red hat team for finding security gaps, and offer regular updates. Its clients must also be vigilant of third-party vendor cybersecurity posture to prevent risk.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.