The slow-moving MOVEit disaster

Welcome to Runtime! Today: the fallout from a hack that has already affected millions continues to grow, a mini funding roundup before the holiday weekend, and the quote of the week.

Was this email forwarded to you? Sign up here to get Runtime each week.

Making progress?

It's hard to believe it's only been a little over a month since governments and businesses around the world discovered that sensitive data had been stolen thanks to a vulnerability in Progress Software's MOVEit file-transfer application. Ever since late May, the list of victims has continued to grow and security experts don't think we're out of the woods just yet.

Over 140 separate organizations have reported being hit by the attacks, Techcrunch reported Thursday, and by Friday the financial services provider for millions of teachers in the U.S. confirmed that it had also been affected. While the MOVEit attack bears resemblance to other ransomware attacks in the past, this situation is playing out a little differently.

• Most recent ransomware attacks we've seen were designed to encrypt the victim's sensitive data, bringing their operations to a halt.
• Two years ago the Colonial Pipeline attack closed gas stations up and down the East Coast because the energy company was unable to bill customers for its services after its servers were locked, and it shut down the actual pipeline operation as a precaution.
• Colonial Pipeline paid the ransom — which security experts advise companies not to do — and was given a decryption tool, but that tool worked so poorly that in the end the company recovered its data with backup tools a week later.

In this case, the Clop ransomware group believed to be behind the attacks isn't shutting down servers, which would alert victims immediately that something was wrong.

• Instead, it is dribbling out the names of affected organizations over a period of weeks and threatening to release that data to the public unless money changes hands.
• "It's sort of a new business model for them," Huntress senior researcher John Hammond told SC Media.
• And by targeting a file-transfer tool that was designed to "guarantee the reliability of core business processes and transfer sensitive data," according to Progress Software, it's almost certain that the stolen data contains some of the most valuable information shared by victims and their customers.

The timing of the discovery of the flaw means it could have affected MOVEit customers that followed best practices and rushed to patch their software upon discovery of the vulnerability, and they still might not know if their data has been stolen.

• And that's not even accounting for MOVEit customers that haven't patched their systems yet, which would be cybersecurity malpractice on their part but happens all the time.
• The majority of ransomware attacks in 2022 targeted vulnerabilities that were at least three years old and for which patches had been released, according to Dark Reading.
• It's relatively simple for a sophisticated attacker to target older versions of enterprise software still in use because businesses were scared to break other applications by applying the patch.

But given the news this week that SolarWinds security executives were targeted by a preliminary SEC investigation over that supply-chain security incident, the price for running insecure software could be about to skyrocket.

A MESSAGE FROM HASHICORP

Operational cloud maturity is the key to helping enterprises get the most from multi-cloud, slash costs, and maximize ROI with respect to speed, risk, and efficiency. Highly mature organizations are less likely to waste money on avoidable cloud spending, have an easier time dealing with cloud security issues, and better cope with the ongoing shortage of cloud skills. See the third annual State of Cloud Strategy Survey, commissioned by HashiCorp and conducted by Forrester Consulting.

Enterprise funding

(Runtime will be off for the Fourth of July holiday next Tuesday, so here's a mini roundup of new funding raised by enterprise tech startups this week.)

Fly.io raised $77 million to expand its boutique public cloud services, and wrote a very funny blog post about the whole thing.

Celestial AI raised $100 million to further its work on optical interconnects that increase the performance of AI applications.

Reka landed $77 million to help enterprises develop their own large-language models.

Speakeasy scored $7.7 million in seed funding for its efforts toward making it easier for developers to work with APIs.

Quote of the week

“We at JPMorgan Chase will not roll out generative AI until we can mitigate all of the risks." Larry Feinstein, head of global tech strategy at JPMorgan Chase, during the Databricks Data + AI Summit.

The Runtime roundup

Tech stocks ended the first half of the year up 32%, the best start for the category in 40 years as AI mania hits Wall Street.

TSMC was hit with a ransomware attack by the LockBit organization, which demanded $70 million to prevent it from publishing data stolen from the chip maker through one of its IT suppliers.

Developers working with Twitter's APIs are running into a lot of technical issues weeks after the company jacked up prices for those APIs, according to Mashable.

Software AG became the latest enterprise software company snapped up by private equity after Silver Lake paid €2.4 billion for a majority stake.

A MESSAGE FROM HASHICORP

Operational cloud maturity is the key to helping enterprises get the most from multi-cloud, slash costs, and maximize ROI with respect to speed, risk, and efficiency. Highly mature organizations are less likely to waste money on avoidable cloud spending, have an easier time dealing with cloud security issues, and better cope with the ongoing shortage of cloud skills. See the third annual State of Cloud Strategy Survey, commissioned by HashiCorp and conducted by Forrester Consulting.

Thanks for reading — Runtime is off Tuesday for the holiday, see you Thursday!