Proactive Community-Focussed Threat Hunting Protects Against MOVEit Vulnerability

Wednesday 4th October, 2023

Providing standardised cyber security offerings across all of our customer sectors enables our Security Operations Centre (SOC) teams to leverage a combination of intelligence from multiple global threat feeds in addition to data drawn from our customers. These combined data streams enable us to proactively communicate and protect against highly sophisticated threats, whilst simultaneously raising awareness of unusual behaviour to every one of our subscribed customers.

For our SOC customers, this ability to rapidly mitigate threats sector-wide translates into what we refer to as a ‘community driven approach’ to cyber security, through which our ‘safety in numbers’ strategy offers a pragmatic and constantly evolving solution to protecting against the very latest cyber threats. The community SOC brings customers together around a common goal: continually improving the sector’s cyber security posture, security operations and efficiency.

What is the MOVEit vulnerability?

“MOVEit” is a zero-day vulnerability in the MOVEit file transfer software that has been used to breach over 900 education sector institutions in the USA and is also infamous for now affecting over 60 million individuals and over 2200 organisations worldwide.

The infographic below (courtesy of konbriefing.com) gives a breakdown of the geographical impact of the vulnerability, showing the number of organisations affected. In the UK alone, high profile organisations such as the BBC, Boots and British Airways have all fallen victim to the MOVEit hack.

How did the KHIPU SOC react to the MOVEit vulnerability?

As soon as our SOC team became aware of this latest celebrity vulnerability*, our entire SOC community was alerted to this threat and proactive measures were implemented immediately to check all environments and to understand if anyone had been affected.

Indicators of Compromise (IOC) rules were set up across the SOC community to further improve incident response and remediation capabilities against the MOVEit exploit. Using SOAR playbooks and automation tools, these protection and prevention processes are always implemented and rolled out to all customers very quickly as part of their SOC service.

How were KHIPU customers affected by the MOVEit hack?

Fortunately, none of our customers were affected at the time the vulnerability was announced, but thanks to the measures our SOC put in place, we found several instances of vulnerable MOVEit devices on our customers’ networks several weeks after the initial disclosure of the MOVEit vulnerabilities, which were then swiftly mitigated.

Why is the MOVEit vulnerability significant?

This is another great example of the power of the SOC community, through which our ‘protection in numbers’ approach and proactive threat hunting help secure our customers from rapidly proliferating and potentially damaging exploits.

How can you ensure the protection of your network against the MOVEit hack and other celebrity vulnerabilities?

Free vulnerability assessment to check if you have been affected.

KHIPU are offering the first three registrations a free vulnerability assessment to see if our SOC team can identify this vulnerability across your environment. Please register by completing the form below.

*‘Celebrity vulnerabilities’ is a term KHIPU uses to describe vulnerabilities that receive significant media coverage due to their severity, e.g. Log4j, Apache Struts.

– – – – – – – – – –

Join us virtually on the 30th November from 9.00-13.00 for the Education focussed SOC event not to be missed!

This virtual event will help you to understand why KHIPU has already been selected as the 24x7x365 SOC partner for many educational institutions in both the UK and South Africa.

Our guest speakers from Canterbury Christ Church University and the University of the Witwatersrand will explain how the KHIPU SOC service is enhancing their existing capabilities, whilst transforming their cyber security environment with around-the-clock network monitoring, detection and response to cyber-threats. In addition, we also have a guest speaker from Google Chronicle who will provide an update on the cyber security threat landscape as they see it.

Reserve Your Virtual Seat Here >
