Schools Say US Teachers' Retirement Fund Was Breached By MOVEit Hackers (techcrunch.com) 15
An anonymous reader quotes a report from TechCrunch: Two U.S. schools have confirmed that TIAA, a nonprofit organization that provides financial services for individuals in academic fields, has been caught up in the mass-hacks targeting MOVEit file transfer tools. Middlebury College in Vermont and Trinity College in Connecticut both released security notices confirming they experienced data breaches as a result of a security incident at the Teachers Insurance and Annuity Association of America, or TIAA. According to its website, TIAA serves more than five million active and retired employees participating at more than 15,000 institutions and manages $1.3 trillion in assets in more than 50 countries.
Both of the security notices confirm that TIAA was affected by hackers' widespread exploitation of a flaw in MOVEit Transfer, an enterprise file transfer tool developed by Progress Software. The mass-hack has so far claimed more than 160 victims, according to Emsisoft threat analyst Brett Callow, including the U.S. Department of Health and Human Services (HHS) and Siemens Energy. Only 12 of these victims have confirmed the number of people affected, which already adds up to more than 16 million individuals.
While TIAA notified affected schools of its security incident, the organization has yet to publicly acknowledge the incident. In response to a Twitter user questioning the organization's silence, TIAA responded saying that its offices were closed. It's not yet known how many organizations have been impacted as a result of the cyberattack on TIAA. TIAA has not yet been listed on the dark web leak site of the Russia-linked Clop ransomware gang, which has claimed responsibility for the ongoing MOVEit cyberattacks.
Maybe... (Score:3)
response to a Twitter user questioning the organization's silence, TIAA responded saying that its offices were closed
...they could have notified the hackers that they were closed?
why not send a disk drive? (Score:2)
Re: (Score:1)
Re: (Score:2)
This is what sftp, scp, and SSH are good for. Alice has a machine on her DMZ, forwarding a port via autoSSH to a cloud-based VM where traffic prices are low. Bob also forwards his SSH port to that machine. All versions of SSH use key only authentication, and the VM is protected by network ACLs to only allow SSH from Alice and Bob's IP address ranges. From there, ssh -j is used to copy files.
As an additional precaution, files can be encrypted and signed, and the signature verified on the recipient's s
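The relay in the comment above is only as strong as its "key only authentication" claim, so as an added example (not part of the original comment) here is a Python check that audits an sshd_config for it, including Match blocks that quietly re-enable passwords. The sample configs are constructed, the function name is hypothetical, and Include files are not followed.

```python
# Added example: audit an sshd_config for key-only authentication.
REQUIRED = {
    "passwordauthentication": "no",
    "kbdinteractiveauthentication": "no",
    "pubkeyauthentication": "yes",
}
DEFAULTS = {key: "yes" for key in REQUIRED}  # OpenSSH defaults when absent
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def audit(text):
    """Return sorted findings; an empty list means passwords are refused."""
    effective, seen, findings, match = dict(DEFAULTS), set(), [], None
    for raw in text.splitlines():
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue
        key = ALIASES.get(fields[0].lower(), fields[0].lower())
        if key == "match":  # later lines apply only to this Match block
            match = " ".join(fields[1:])
            continue
        if key not in REQUIRED or len(fields) < 2:
            continue
        value = fields[1].lower()
        if match is not None:  # a Match block overrides the global value
            if value != REQUIRED[key]:
                findings.append(f"Match {match}: {key} {value}")
        elif key not in seen:  # sshd uses the first value it reads
            seen.add(key)
            effective[key] = value
    for key, want in REQUIRED.items():
        if effective[key] != want:
            findings.append(f"global: {key} is {effective[key]}, want {want}")
    return sorted(findings)

SAMPLE_WEAK = """\
PasswordAuthentication no
PasswordAuthentication yes
Match User bob
    PasswordAuthentication yes
"""
SAMPLE_HARDENED = """\
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
"""

if __name__ == "__main__":
    print(audit(SAMPLE_WEAK), audit(SAMPLE_HARDENED))
```

The weak sample looks safe at a glance because its first line disables passwords; the findings come from the keyboard-interactive default and the Match block.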
Re: (Score:2)
OK, not convince an IT department to do just that. And assume the firewall only allows port 80 and 443 through, and
Re:why not send a disk drive? (Score:4, Insightful)
Windows has SSH built in these days. GNU Privacy Guard isn't, but done right, that might not have to be used. With just that, and some PowerShell scripting, one could do file transfers between two orgs.
For hosting uploads and downloads, just the fact that MOVEit has so much internal access is just asking for issues. Even something like an Avid appliance (long since gone) where it would allow users to upload/download to the appliance, which was on the DMZ would be better. Yes, one couldn't just send a file from their desktop, but allowing a direct channel from an internal desktop to/from an external user is asking for a compromise, without something like a hop box or an FTP appliance. No, it isn't point and click easy, but it would greatly reduce the available attack surface.
Even IBM has dedicated file transfer appliances which would be functionally similar to MOVEit, but because they work as proxies between an external user and an internal, they add value when it comes to security.
I Wonder (Score:2)
Did the hackers wear their teacher-demanded face guards & masks while stealing that retirement data-money?
No one uses SSN and DOB for authentication (Score:2)
Re: (Score:2)
Responsibility (Score:1)
It was formerly TIAA-CREF (Score:2)