MOVEit hacks were turning point in ransomware tactics: Resilience

The MOVEit hacks, which affected many corporations, governments and other institutions, may have signaled an evolution in ransomware tactics evolving toward third-party vendors to scale their attacks, says a report.

San Francisco-based Resilience Cyber Insurance Solutions said in a report issued Tuesday that as of this year’s first quarter, claims data has consistently demonstrated that phishing attacks are its clients’ No. 1 point-of-failure, representing 23.4% of all claims.

Since the MOVEit hack, however, vendor risk increased to become Resilience clients’ most frequent point-of-failure at 28.9% of all claims, while phishing’s portion is 23.1%.

The report said that as of July 18, MOVEit claims were slightly more than 20% of Resilience’s total claims portfolio.

Victims of the MOVEit hack have included the biggest U.S. pension fund, the California Public Employees Retirement System, and insurer Genworth Financial Inc.

The MOVEit software has been widely used by organizations around the world to share sensitive data.