Expect a slow drip, drip, drip of disclosures now that two organizations have reported that they have experienced cybersecurity incidents caused by a zero-day vulnerability (CVE-2023-0699) in Fortra’s GoAnywhere MFT secure file sharing software.
The latest case was March 2, when fintech Hatch Bank reported that threat actors stole the personal data of nearly 140,000 customers from the GoAnywhere platform.
In mid-February, an SEC filing disclosed that 1 million patients tied to Community Health Systems in Tennessee were affected, with the company among 130 organizations compromised by the Clop ransomware group.
More disclosures are expected in the coming weeks.
“As some of these companies get closer to their reporting deadlines, you’ll see more disclosures from the 130 companies Clop supposedly broke into, whether they are through SEC filings or simply filing when they need to,” said Mike Parkin, senior technical engineer at Vulcan Cyber. “You may also see Clop making announcements that they have made some other breaches.”
Avishai Avivi, chief information security officer at SafeBreach, added that this is not the first time the Clop ransomware group has targeted file transfer applications. Avivi said Clop took the same approach two years ago when they targeted the Accellion file transfer applications. Avivi said it appears that they aim to copy sensitive data as a file transfer gets processed.
“It’s a nightmare for any software vendor to discover a zero-day vulnerability being exploited in the wild,” Avivi said. “This nightmare gets compounded when the software is a security-oriented tool. In