Lessons Learned From 50+ MOVEit Exploit (CVE-2023-34362) Investigations - Full Webinar

Nov 10, 2023

In Q2 2023, Kroll reported a notable shift towards increased supply chain risk, largely driven by the CLOP ransomware gang’s exploitation of the MOVEit Transfer vulnerability. The MOVEit exploitation rendered even organizations with mature cybersecurity controls helpless and vulnerable to financial and reputational damage. Only a handful were able to detect the exfiltration, and even fewer could handle the consequences once a trusted partner fell victim.

Watch Kroll experts George Glass and Scott Downie examine the exploitation in detail and highlight lessons learned from over 50 incident response (IR) investigations handled by Kroll. They also brief participants on the complexities of third-party investigations, litigation considerations, breach notification challenges and the steps chief information security officers (CISOs) should take to raise preparedness.

Key Sections:

  • 0:00 to 1:55 – Intro
  • 1:55 to 2:12 – Agenda
  • 2:12 to 6:30 – Backstory behind MOVEit exploit
  • 6:30 to 9:29 – The CL0P timeline
  • 10:40 to 15:47 – The Kroll Intrusion Lifecycle
  • 15:50 to 19:40 – Data exfiltration methods
  • 19:41 to 24:40 – Impact Analysis
  • 24:42 to 28:18 – Minimizing impact
  • 28:20 to 42:00 – Q&A session

Additional Kroll research into MOVEit:
https://www.kroll.com/en/insights/publications/cyber/clop-ransomware-moveit-transfer-vulnerability-cve-2023-34362

https://www.kroll.com/en/insights/publications/cyber/moveit-vulnerability-investigations-uncover-additional-exfiltration-method

Get the latest from the Kroll Cyber Risk blog: https://www.kroll.com/en/insights/publications/cyber

Demo Kroll Responder, our MDR solution: https://www.kroll.com/en/services/cyber-risk/managed-security/kroll-responder

Read the latest Cyber case studies: https://www.kroll.com/en/insights/publications/cyber/case-studies

#threatintelligence #cyberrisk #incidentresponse