Crowe accounting firm confirms MOVEit impact limited


Global accounting and tax advisory firm Crowe confirms to Cybernews it is the latest financial services company to be caught up in the Cl0p MOVEit breach.

The Chicago-based accounting, consulting, and technology company was listed on the Cl0p dark leak site earlier this week.

But according to a spokesperson for the company, the number of Crowe clients compromised in the MOVEit attacks was remarkably low – possibly due to the quick response by its security department.

“Crowe LLP took swift action upon learning of the vulnerability involving MOVEit file transfer,” Manny Goncalves, Crowe’s Principal, Chief Strategy & Communications Officer, told Cybernews Thursday.

Those actions included “immediately disabling access and applying the vendor-provided patches and service pack,” Goncalves stated.

“We engaged outside experts to conduct a rigorous investigation to determine the impact of the vulnerability. The less than 100 impacted clients have all been notified,” he said.

Progress, the American software maker and distributor of MOVEit Transfer, has released three critical security patches since the Russian-affiliated Cl0p ransomware gang breached the system at the end of May.

On July 5th, Progress also announced the release of a new MOVEit Service Pack, which the company will use to issue security updates and patches for the product every two months.

MOVEit impact

It seems Crowe is one of the lucky companies to have experienced limited impact from the MOVEit attacks, as the system is used by thousands of companies worldwide to securely send and receive files.

Crowe, an independent member of Crowe Global, has multiple US offices across nearly twenty states, as well as in India and the Philippines.

Earlier this week, Cybernews confirmed the MOVEit attacks had impacted ING Bank, as well as three other major European banks, including Deutsche Bank and Postbank.

Choice Hotels’ Radisson Americas chain also reported to Cybernews a loss of customer data.

Other recent MOVEit victims include PWC, Ernst & Young, Sony, Siemens Energy, the NYC Department of Education, and Shell Global, the first victim to be named by Cl0p on June 14th.

Several US federal agencies, including the Department of Energy and Health, were impacted, prompting US officials to issue a $10 Million dollar bounty on the Cl0p gang.

Cl0p victim list grows

The Moveit Transfer system is just one of the dozens of third-party tools the Progress software company offers to its business customers.

Experts we’ve spoken to say that around 3,000 deployments of MOVEit were in use when the zero-day flaw was first exploited by the Cl0p gang.

Presently there are at least 150 victims listed on Cl0p's dark leak site, some with details on how much data was stolen in the breach and samples.

Security experts say even if a company didn’t use the file transfer platform themselves, a trusted third party, such as a supplier or partner, may have, essentially compounding the impact of the attacks.

The Cl0p ransomware group also made headlines in March, claiming responsibility for another zero-day attack exploiting the similar Go Fortra Anywhere file management system, compromising about 120 companies, including Procter & Gamble (P&G), Hitachi, Rubrik, and Virgin.

It is thought the number of MOVEit victims will be at least double that of the Go Anywhere hacks.