Half of EDR Tools, Organizations Vulnerable to Clop Ransomware: Research | #ransomware | #cybercrime

Nearly half of EDR tools and organizations are vulnerable to Clop ransomware gang tactics, according to tests by a cybersecurity company.


Cymulate ran 3,107 assessments across 340 organizations to test whether their security controls would hold up against the tactics the Clop (sometimes written “Cl0p”, with a zero) ransomware group used in its exploitation of the MOVEit vulnerability (CVE-2023-34362).


The continuous threat exposure management (CTEM) vendor tested whether organizational controls would recognize the indicators of compromise (IoCs) of Clop ransomware attacks. What it found was alarming:


  • Of the 14,438 payloads sent, enough got through that 43% of organizations in the U.S. were penetrated by Cymulate’s Clop ransomware assessments

  • Half of the endpoint detection and response (EDR) tools tested — 8 out of 16 tools — had a penetration rate of over 46%

  • Mike DeNapoli, Cybersecurity Architect and Director at Cymulate, told eSecurity Planet, “While the EDRs could possibly recognize the behavior of the attack if it was executed, which Cymulate can do in other modules, they did not recognize the known binaries used in the attacks. So … the EDR missed an indicator of compromise, and while it may have compensated for it later, the firewall should have stopped inbound/outbound traffic but failed to do so.”


Organizations can still be protected even if their EDR technologies only identify attack patterns rather than individual files, he said.


“The MOVEit vulnerability is shining a new light on exposure management because if the organization has an EDR tool that looks for the behaviors of these attacks but no ..
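To make the distinction DeNapoli draws concrete, the following is an added example written for this page; it is not code from the article, from Cymulate, or from any EDR product. It contrasts a hash-based IoC check (the "known binaries" an EDR may carry in a feed) with a behavioral rule run over process telemetry. The binary bytes, the hash feed, the process names (an IIS worker `w3wp.exe` spawning `cmd.exe`), the file paths and the event stream are all constructed for the demonstration and are not real Clop indicators; the event schema and the `behavior_hit` rule are hypothetical.

```python
import hashlib
from dataclasses import dataclass
from typing import Iterable, List, Set

# ---- Hash-based IoC matching -------------------------------------------------
# Constructed stand-ins for a "known binary" and a trivially altered copy of it.
# These are NOT real Clop samples; the bytes are made up for this demonstration.
KNOWN_BINARY = b"MZ\x90\x00" + b"constructed-webshell-v1" * 4
ALTERED_VARIANT = KNOWN_BINARY + b"\x00"   # one appended byte, same behaviour


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# A hash IoC feed of the kind an EDR consumes (built from the constructed sample).
IOC_HASHES: Set[str] = {sha256_hex(KNOWN_BINARY)}


def hash_ioc_hit(data: bytes, feed: Set[str] = IOC_HASHES) -> bool:
    """True only when the exact file hash is on the feed; any byte change evades it."""
    return sha256_hex(data) in feed


# ---- Behaviour-based detection -----------------------------------------------
@dataclass(frozen=True)
class Event:
    kind: str      # "process" (creation), "file" (read/write) or "network" (outbound)
    pid: int       # acting process; for "process" events this is the new child
    ppid: int      # parent of the acting process
    image: str     # executable name of the acting process
    detail: str    # parent image for "process", path for "file", destination for "network"


# Assumptions for this hypothetical rule (not stated in the article): the web app
# runs under an IIS worker, and a compromise shows up as that worker spawning a
# shell which then touches many files and makes an outbound connection.
WEB_WORKER_IMAGES = {"w3wp.exe"}
SHELL_IMAGES = {"cmd.exe", "powershell.exe"}
MIN_FILE_EVENTS = 5


def behavior_hit(events: Iterable[Event]) -> bool:
    """Fire when a web worker spawns a shell whose PID then produces at least
    MIN_FILE_EVENTS file events and one outbound network event. No hashes involved."""
    evs: List[Event] = list(events)
    shells = {e.pid for e in evs
              if e.kind == "process" and e.image in SHELL_IMAGES
              and e.detail in WEB_WORKER_IMAGES}
    for pid in shells:
        file_count = sum(1 for e in evs if e.kind == "file" and e.pid == pid)
        outbound = any(e.kind == "network" and e.pid == pid for e in evs)
        if file_count >= MIN_FILE_EVENTS and outbound:
            return True
    return False


# Constructed telemetry: the same actions, whether the dropped binary is the known
# sample or the altered variant, produce this sequence. 203.0.113.7 is a documentation
# address (TEST-NET-3), not a real command-and-control host.
ATTACK_EVENTS = [
    Event("process", 4120, 3980, "cmd.exe", "w3wp.exe"),
    *[Event("file", 4120, 3980, "cmd.exe", f"C:\\inetpub\\data\\doc{i}.pdf") for i in range(6)],
    Event("network", 4120, 3980, "cmd.exe", "203.0.113.7:443"),
]

# Same shell activity, but spawned from an interactive desktop session: no hit.
BENIGN_EVENTS = [
    Event("process", 5000, 4990, "cmd.exe", "explorer.exe"),
    *[Event("file", 5000, 4990, "cmd.exe", f"C:\\Users\\alice\\doc{i}.txt") for i in range(6)],
    Event("network", 5000, 4990, "cmd.exe", "203.0.113.7:443"),
]


if __name__ == "__main__":
    for label, blob in (("known binary", KNOWN_BINARY), ("altered variant", ALTERED_VARIANT)):
        print(f"{label:16s} hash IoC hit = {hash_ioc_hit(blob)}")
    print(f"attack telemetry behaviour hit = {behavior_hit(ATTACK_EVENTS)}")
    print(f"benign telemetry behaviour hit = {behavior_hit(BENIGN_EVENTS)}")
```

The known sample matches the feed and the one-byte variant does not, which is the gap the assessments exercised when they sent known binaries; the behavioral rule fires on the attack telemetry regardless of which binary produced it, and stays quiet on the benign stream. Real EDR rules are richer than this, but the shape is the same: behavior survives recompilation, a hash list does not.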
