The fortress walls are crumbling: today's threats, exemplified by the recent zero-day CrushFTP attack, are overwhelming legacy secure file transfer systems.
As cybercriminals blitz through vulnerable networks, rattled CISOs face a harsh truth: yesterday's security is not enough. Systems built to protect yesterday can no longer withstand today's attacks.
The future of many organizations now depends on migrating to modern solutions purpose-built for contemporary threats. But what specific capabilities should companies prioritize when selecting a secure alternative to outdated architectures?
First, let’s dive into what happened.
In August 2023, a critical unauthenticated zero-day vulnerability in the CrushFTP enterprise suite was disclosed by Converge security researchers. This vulnerability was alarming due to its broad attack surface – affecting approximately 10,000 public instances, plus more behind corporate firewalls. The exploit allowed attackers to:
This vulnerability was fixed in CrushFTP version 10.5.2, but new threat intelligence suggests the risk of attacks is still high. According to Converge, hackers have reverse-engineered the existing patches to CrushFTP, having developed proof-of-concepts for additional infiltration.
The zero-day CrushFTP vulnerability and its subsequent patch, far from being unique, join a growing list of significant vulnerabilities in widespread services, such as the Progress Moveit issue identified in June.
Another widely used file transfer system, MOVEit Transfer by Progress Software, disclosed a SQL injection vulnerability in June 2023. This flaw was exploited in the wild, leading to widespread system takeovers. Key details of this vulnerability:
This trend highlights an ongoing challenge in securing large-scale, pervasive systems. And whether Progress MOVEit or CrushFTP, the lesson is clear. Legacy file services are no longer equipped against today’s threats, and more organizations are catching on.
Virtru’s Rob McDonald emphasizes the pervasiveness of this issue: “There are so many [of these legacy services] installed pervasively…Legacy secure file solutions can’t protect you. They are architecturally insufficient, and we continue to see market proof of that. When exposed, they typically spill all the goods.”
In light of these vulnerabilities, organizations must reevaluate their secure file transfer solutions. Here’s why Secure Share is the solution that organizations large and small are switching to after these critical attacks to legacy file-sharing services.
Modern, adaptable solutions like Virtru Secure Share offer a more secure, compliant, and control-oriented approach to file sharing and data protection. It’s time for organizations to reassess their cybersecurity strategies and embrace solutions that can adapt.
To discover how Virtru can help your organization, schedule time with our team.
Contact us to learn more about our partnership opportunities.