Biggest Cyber Assault of 2023 Strikes the U.S. - How Hackers Exploited IBM, Compromising Millions of Customers’ Healthcare and Personal Information
Let’s learn how this catastrophic breach, which compromised one of the leading technology innovators, occurred and what we can learn from it.
In a significant cybersecurity breach that has shaken the U.S., a group of hackers has successfully targeted IBM, compromising the personal and healthcare data of more than 10 million individuals (about half the population of New York). Exploiting a vulnerability within IBM's widely used MOVEit file transfer software, the hackers gained unauthorized access to sensitive information.

Credits - IBM Security
Hackers exploited a clever entry point into IBM's widely used MOVEit file transfer software, leading to the theft of private medical information belonging to millions of U.S. individuals. Interestingly, after this incident IBM published its Cost of a Data Breach Report for 2023, which is significantly improved over the 2022 edition. We encourage you to check out our Summary of the Report, since this incident led to some remarkable improvements in forensic insights since 2022.
Colorado's Medicaid program, overseen by the Department of Health Care Policy and Financing (HCPF), faced a severe breach that exposed over 4 million patient records during the incident.
The targeted breach focused on IBM, a vendor of HCPF, which employed the MOVEit platform for file transfers. While HCPF's internal systems remained unaffected, the hackers managed to breach the MOVEit app utilized by IBM, compromising certain HCPF files. As a result, affected individuals were promptly notified by HCPF about the security breach and the exposed data.
So what exactly happened?
MOVEit Transfer is a proprietary managed file transfer (MFT) product that provides secure exchange of files among organizations and their clients over SFTP, SCP, and HTTP-based uploads. This software was found to be susceptible to a SQL injection vulnerability that could grant unauthorized individuals administrative privileges, the ability to extract files, and the ability to execute arbitrary code. Additionally, the hackers exploited a zero-day vulnerability, meaning a previously undiscovered flaw in the MOVEit application: a gap in security for which there is no defense or patch, because the software maker does not yet know it exists.
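To make the class of defect described above concrete, here is an added illustration (not MOVEit's code, and not part of the original article): a file-listing query in a hypothetical MFT web application, written once with the caller's account name concatenated into the SQL text and once with a bound parameter. The schema, table, account and file names are constructed for the example, using an in-memory SQLite database.

```python
import sqlite3

# Constructed stand-in for an MFT application's file-metadata table.
# Hypothetical schema for illustration only, not MOVEit Transfer's real schema.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE files (id INTEGER PRIMARY KEY, owner TEXT, "
        "name TEXT, is_admin_only INTEGER)"
    )
    conn.executemany(
        "INSERT INTO files (owner, name, is_admin_only) VALUES (?, ?, ?)",
        [
            ("alice", "claims_2023.csv", 0),
            ("bob", "invoice.pdf", 0),
            ("admin", "all_members_export.csv", 1),  # restricted row
        ],
    )
    return conn


def list_files_vulnerable(conn, owner):
    # Defect: the caller-controlled value becomes part of the SQL text, so a
    # quote in the input can rewrite the WHERE clause and drop the admin filter.
    sql = f"SELECT name FROM files WHERE owner = '{owner}' AND is_admin_only = 0"
    return [row[0] for row in conn.execute(sql)]


def list_files_hardened(conn, owner):
    # Fix: a bound parameter is sent as data, never parsed as SQL, so the
    # statement's structure is fixed regardless of what the caller supplies.
    sql = "SELECT name FROM files WHERE owner = ? AND is_admin_only = 0"
    return [row[0] for row in conn.execute(sql, (owner,))]


if __name__ == "__main__":
    db = make_db()
    for account in ("alice", "x' OR 1=1 --"):
        print(repr(account))
        print("  concatenated:", list_files_vulnerable(db, account))
        print("  parameterized:", list_files_hardened(db, account))
```

The second input returns every row, including the restricted export, from the concatenated query and nothing from the parameterized one; that difference is the whole point of the fix.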
There was little to no prior information provided, and the mitigation strategies were extremely slow to put into place. As a result, the hackers were extremely efficient with their work. Although they could have done a lot of collateral damage beyond the data theft, no damage to the network architecture occurred. This is likely because the longer a hacker lurks, the higher the chance of being caught. The Cybersecurity and Infrastructure Security Agency (CISA) has issued a collaborative Cybersecurity Advisory (CSA) outlining the exploitation of the MOVEit vulnerability by the CL0P Ransomware Gang.
Detailed information regarding this incident, along with the associated MOVEit vulnerabilities, is accessible at the provided link:
CVE-2023-35708 (June 15, 2023)
CVE-2023-35036 (June 9, 2023)
CVE-2023-34362 (May 31, 2023)
What Does This Mean for Us?
This is a lesson for all business owners and developers: it's important to understand your system, its vulnerabilities, their remediation methods, and your monitoring and threat mitigation/incident response strategies. Even after receiving an alert, poor mitigation and response times resulted in a massive loss. It's time to step up your security game, because eliminating threats before they arrive at your doorstep is the one true method to stay safe. Financially and technologically, in an AI-driven world, now is the time to start from the ground up with training, awareness and investment in security, so your future stays shielded from threats like these.
Want a head start in security?
How about a free Security Architecture Review