File Transferring Now Made Easier Between Android and Windows
With Google's Nearby Share, file transferring has become more simplified between Android devices and Windows PCs.
A Clop ransomware gang has exploited a critical vulnerability in the secure managed file transfer application known as ...
A Clop ransomware gang has exploited a critical vulnerability in the secure managed file transfer application known as MOVEit Transfer. This vulnerability, now assigned as CVE-2023-34262, gives hackers unauthorized access to MOVEit Transfer's database. Customers who utilize this MFT software have been encouraged to quickly deploy remediation measures to protect their data.
Organizations use managed file transfer software for secure electronic data exchange between systems and people.
Progress developed MOVEit Transfer to allow businesses to manage critical file transfers while leveraging Progress's security features, such as encryption tools, tamper-evident logging, and access controls. Because of governance requirements for data compliance, thousands of organizations have utilized this MFT software to meet regulations like HIPAA, GDPR, and PCI.
On May 31, 2023, Progress reported CV2-2023-34362 in MOVEit Transfer and MOVEit Cloud. Upon discovery of this vulnerability, they immediately launched an investigation, alerted customers, and offered immediate mitigation guidance. CV2-2023-34362 allows hackers to gain unauthorized access to data by inserting structured query language, or SQL, code into the database.
Microsoft attributed this hack to Lace Tempest, a Clop ransomware gang that has exploited similar vulnerabilities in the past to access data and extort money from victims. This group has since announced that they are responsible for taking advantage of MOVEit's zero-day vulnerability. The impact of this threat may potentially affect thousands of customers if they do not perform remediation measures.
Organizations have been vulnerable to ransomware attacks for over a decade, and they will continue to be open to these cyberattacks if they do not adopt reliable security measures.
Clop is an extortionist type of malware that utilizes the Ransomware-as-a-Service model. Clop itself is a WIN32 PE file that uses verified user signatures to bypass security software detection. Once Clop gained access to MOVEit Transfer, they authenticated themselves as the highest privileged user to release a data infiltration web shell.
Regarding the MOVEit cyberattack, Lace Tempest announced that they deleted stolen data owned by governments, children's hospitals, and the military. They claimed to have compromised the data of hundreds of organizations and demanded ransoms from their victims to prevent exposure on their Clop data leak site.
Beyond extorting its victims, this Clop group can post data for sale on underground forums and leverage data for future cyberattack operations. Depending on the intellectual nature and sensitivity of the stolen data, the impact of selling this data to underground sites can be devastating for government and military affairs.
Potential victims affected by the MOVEit hacks should employ the following measures to see if they have been infiltrated.
Per Rapid7 management teams, a patch is available to fix the MOVEit Transfer app for emergency situations. A fixed version of this software is available for upgrade. If a patch is required, Rapid7 recommended that users only download the patch directly from their articles and not from outside sources.
Because Clop ransomware affected the MOVEit Cloud, users who have adopted the Microsoft Azure Integration should rotate their Azure storage keys. All users should also set firewalls to restrict HTTP and HTTPS traffic into MOVEit on ports 80 and 443.
Since event logging is typically enabled after installation, users may have affected records available on the host. Log data should be captured before wiping out and restoring the application. Custom audit reports can be queried directly or through MOVEit's built-in reporting functionality.
In light of this ransomware attack, protecting internal and external data transfer is crucial for your organization. While there are no 100% guarantees that you will not be hacked, addressing the following points can help you recover from a ransomware attack:
An incident response plan should be an essential part of your organization's cybersecurity protocol.
Many businesses have turned to cloud migration to maintain the pace of today's cyberspace and to tap into limitless data storage. While cloud services allow businesses to thrive, choosing the wrong migration team can make your enterprise vulnerable to attacks similar to that of MOVEit Transfer.
With unmatched next generation migration technology, Cloudficient is revolutionizing the way businesses retire legacy systems and transform their organization into the cloud. Our business constantly remains focused on client needs and creating product offerings that match them. We provide affordable services that are scalable, fast and seamless.
If you would like to learn more about how to bring Cloudficiency to your migration project, visit our website, or contact us.
With Google's Nearby Share, file transferring has become more simplified between Android devices and Windows PCs.
Explore how data migration reconciliation techniques enhance accuracy, streamline operations and guide informed decisions. Dive in for key insights!
The leading eDiscovery platforms and cloud services are scaling to meet increased demand. Learn more about how these platforms process growing...