The vulnerability in MOVEit Transfer, an application for exchanging files, has claimed another victim. Petroleum company Shell says hackers exploited the vulnerability in the software to infiltrate the company’s systems. Whether data has been stolen is currently being investigated.
A Shell spokesperson confirmed the attack to ComputerWeekly.
‘Hundreds’ of victims due to vulnerability in MOVEit Transfer
At the end of May, software developer Progress announced that MOVEit Transfer contained a zero-day vulnerability. By means of an SQL injection, malicious parties could gain access to internal company systems and steal confidential or privacy-sensitive information. The developer, the National Cyber Security Center (NCSC) and other cybersecurity watchdogs advised installing the security patch as soon as possible.
Clop, a hacker group believed by security researchers to operate out of Russia, claimed to have attacked “hundreds” of companies and organizations by exploiting the vulnerability. Airlines, including British Airways and Aer Lingus, pharmacy chain Boots, the British broadcaster BBC, the government of the Canadian province of Nova Scotia, the British payroll company Zellis and the University of Rochester confirmed that hackers had stolen data via MOVEit Transfer.
Landal GreenParks reported earlier this month that the vulnerability in the application may have leaked the names and personal data of 12,000 holidaymakers. As a precaution, the holiday park operator informed the Dutch Data Protection Authority.
Shell: ‘No indications that important IT systems have been compromised’
Hacker group Clop gave victims until Wednesday, June 14 to make contact and negotiate a ransom payment. This deadline has now expired. The hacker collective has since added twelve new names to the list of victims on a dark web page. Among them are the University of Georgia, investment fund Putnam, various American banks and Shell.
A spokesperson for the petroleum company acknowledges that it was attacked via the vulnerability in MOVEit Transfer. He emphasizes that only ‘a small number of Shell employees and customers’ use the application to send files. There are currently no indications that the hackers have penetrated key IT systems or stolen data. “Our IT teams are conducting an investigation. We do not communicate with the hackers,” says the spokesperson.
Progress warns of two vulnerabilities in a short time
Last week, Progress reported another vulnerability in MOVEit Transfer. As with the original vulnerability, hackers can exploit this one to alter or steal customer data.
“An attacker could send a fabricated payload to an endpoint in the MOVEit Transfer application. That, in turn, can compromise the integrity of the contents of MOVEit databases or make their contents available to unauthorized persons,” the software developer said in a Security Advisory.
Shell is struggling with a data breach
Earlier this week, there was another data breach at Shell. A database at Amazon Web Services (AWS) was not password protected. As a result, everyone had access to Shell Recharge customers’ names, residential addresses, contact details, and vehicle identification numbers. The locations of electric charging stations and names of organizations that use the charging stations can also be found in the database. Reportedly, one terabyte of private data has been stolen by hackers.
“Shell has taken steps to contain and identify an exposure of Shell Recharge Solutions data. We are investigating the incident, will continue to monitor our IT systems and will take all necessary future actions accordingly,” a spokesman for the petroleum company said.