Heimdal
article featured image

Contents:

The City of Toronto announced a data breach caused by GoAnywhere attacks. Clop ransomware, the gang responsible for exploiting the vulnerability in GoAnywhere also impacted UK’s Virgin Red and Pension Protection Fund.

This week’s victims ad up to the other 130 organizations that Clop claims to have breached until now.

The Toronto Data Breach

The Clop ransomware gang listed the city of Toronto on its data leak site. The data breach was possible using the zero-day vulnerability in Forta’s GoAnywhere file transfer solution.

The City of Toronto, Among This Week’s Victims of GoAnywhere

The authorities discovered the breach on March 20, 2023, and they are currently investigating the damages. We still don’t know the impact of this incident on City data.

Today, the City of Toronto has confirmed that unauthorized access to City data did occur through a third party vendor. The access is limited to files that were unable to be processed through the third party secure file transfer system.

City of Toronto spokesperson via BleepingComputer

The bug, which is currently listed as CVE-2023-0669, allows for remote code execution on an unpatched GoAnywhere solution.

This month, the same Clop zero-day’s attacks were reported by Hitachi Energy, Saks Fifth Avenue, and security firm Rubrik.

Other Attacks from This Week

This week’s GoAnywhere attacks list also includes UK’s Virgin Red, Virgin Group’s rewards system, and Pension Protection Fund (PPF).

Virgin Red declared that the extracted files don’t include any personal information of customers or employees. While the Pension Protection Fund (PPF) breach affected employee data. In consequence, PPY informed and offered support to current and former employees affected by the incident.

PPF has stopped using GoAnywhere since and continues to work closely with Fortra, its security partners, and the law enforcement agencies as a part of investigatory activities.

Source

To protect themselves from such cyberattacks, businesses that use the vulnerable GoAnywhere secure file transfer solution should patch their systems as soon as possible.

If you liked this article, follow us on LinkedInTwitterFacebook, and YouTube for more cybersecurity news and topics.

Author Profile

Andreea Chebac

Digital Content Creator

Andreea is a digital content creator within Heimdal® with a great belief in the educational power of content.

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE