Avast, Norton Parent Latest Victim of MOVEit Data Breach Attacks

Gen Digital, the parent company of the security companies, is the latest victim in a rash of Cl0p attacks exploiting the bug in the MOVEit Transfer software, which led to employee data being revealed.

Dark Reading Staff, Dark Reading

June 21, 2023


Gen Digital, the parent company of cybersecurity subsidiaries such as Avast and Norton, confirmed on June 20 that the personal information of its employees was compromised in yet another MOVEit attack by the Cl0p ransomware gang.

In response to inquiries, the company stated that it was affected by a cyberattack, confirming that personal information such as names, addresses, employee IDs, and email addresses was revealed.

"We use MOVEit for file transfers and have remediated all of the known vulnerabilities in the system. When we learned of this matter, we acted immediately to protect our environment and investigate the potential impact. We have confirmed that there was no impact to our core IT systems and our services and that no customer or partner data has been exposed," according to Gen Digital's public notice, which further confirmed that it informed all parties that may have been affected, as well as data protection regulators. 

The bug, a critical-severity SQL injection tracked as CVE-2023-34362, started out as a zero-day vulnerability that has been part of an exploitation campaign at the hands of the Cl0p ransomware gang. The attacks are ongoing even post-patch and have targeted more than 100 companies and organizations so far.

"As a general best practice, we advise never to directly allow for apps like MOVEit Transfer to be directly exposed to the Internet in cloud environments," said Amitai Cohen, attack vector intel lead at Wiz, in an emailed statement. "Instead, place the app behind a VPN, a reverse proxy or a single sign-on (SSO) landing page. This strategy will help to mitigate the effect of potential attacks exploiting vulnerable or misconfigured application endpoints and other attacks that are similar in nature."
