Deloitte has refuted claims that the Cl0p ransomware gang has breached its systems and stolen client data amid speculation online.
The accountancy firm was cited as a victim on Cl0p’s breach disclosure blog, sparking concerns that clients at the consultancy could be at risk.
In its disclosure, Cl0p claimed “the company doesn’t care about its customers” and that it “ignored their security”.
The claims come amid a flurry of breach disclosures from Cl0p in the wake of the MOVEit breach, which so far has affected hundreds of companies globally.
Last month, the group claimed to have compromised systems at EY and PwC, two of the other ‘Big Four’ accountancy firms.
At the time of writing, Cl0p still has both companies listed on its blog along with an array of download options for files the cyber criminal outfit claims to have stolen from them.
However, in a statement given to ITPro, Deloitte has denied suggestions that it had suffered a breach off the back of the global security incident.
A spokesperson for the firm said in the aftermath of the attack it took immediate action to apply security updates according to the vendor’s guidance and has mitigated risks to clients.
“Immediately upon becoming aware of this zero-day vulnerability, Deloitte applied the vendor’s security updates and performed mitigating actions in accordance with the vendor’s guidance."
RELATED RESOURCE
The state of email security 2023
Get the latest insights from 1,700 CISOs and other IT professionals as they present a realistic picture of the steps they are taking to protect their organizations
Deloitte also said that it conducted an investigation into the possibility of a breach in the wake of the MOVEit incident, but has thus far determined that no client data has been impacted.
The spokesperson noted that the firm’s use of the file transfer software was “limited”.
“Our analysis determined that our global network use of the vulnerable MOVEit Transfer software is limited,” they said. “Having conducted our analysis, we have seen no evidence of impact to client data.”
Deloitte's page on Cl0p's website does not yet feature download links for files. This could indicate that Deloitte's assessment is correct and Cl0p has not managed to access client data.
It could also mean that Cl0p is still waiting to negotiate a payment from Deloitte for any data it was able to steal during an attack. Deloitte said client data is believed to be unaffected but in multiple recent Cl0p-associated incidents, data stolen from victims has concerned internal staff rather than clients.
Cl0p has also been linked with the earlier GoAnywhere breach which saw the Pension Protection Fund also lose data related to current and former staff, but not current members.
MOVEit attack - what happened?
News of the MOVEit attack emerged in late May amid speculation that a zero-day vulnerability in the transfer software had been exploited by threat actors.
Security researchers at Microsoft quickly identified Cl0p as the group behind the attack, and the incident began to spiral out of control.
Within days, several major organizations globally revealed they had been impacted by the breach, including payroll provider Zellis.
This sparked a series of subsequent breaches at a host of major organizations globally, with the number of victims rising to 513 at the time of writing, according to Emsisoft's figures.
To date, hundreds of organizations spanning a number of industries have been affected by the breach.
Cl0p has added nearly 50 victims to its list in the last week alone, including Toyota’s European subsidiary and Virgin Pulse.
-
Bigger salaries, more burnout: Is the CISO role in crisis?In-depth CISOs are more stressed than ever before – but why is this and what can be done?
-
Cheap cyber crime kits can be bought on the dark web for less than $25News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
Cybersecurity teams face unparalleled pressure, but they’re stepping up to the plateNews While cybersecurity teams are contending with rising workloads and chronic staffing issues, new research shows practitioners are still charging ahead and meeting targets.
-
Developers can't get a handle on application security risksNews Research by Legit Security shows a majority of organizations have high risk applications in developer environments.
-
CISOs are gaining more influence in the boardroom, and it’s about timeNews CISO influence in the C-suite and boardrooms is growing, new research shows, as enterprises focus heavily on cybersecurity capabilities.
-
How MSSPs can leverage dark web intelligence to counter emerging threatsIndustry Insight Dark web intelligence can be a vital tool for MSSPs to bolster security and counter emerging threats
-
Royal, Hive, Black Basta ransomware gangs ‘collaborating on cyber attacks’News Affiliates from the now-defunct Hive ransomware group could be seeking opportunities with other major dark web players
-
SEC data breach rules branded “worryingly vague” by industry bodyNews The new rules announced last week leave many questions unanswered, according to security industry experts
-
Weekly cyber attacks reach two-year high amid ransomware resurgenceNews The surge in attacks comes amid a period of resurging ransomware activity and concerns over vulnerability disclosures
-
TSMC faces $70 million LockBit ransom demand following hardware supplier breachNews While TSMC has confirmed the breach, it has refuted claims that company operations have been disrupted by the incident
