The Progress MOVEit story continues to unfold, as more and more organizations come forward to report data breaches and security incidents — including government agencies and large enterprises.
Now, over a month later, a new critical flaw has been identified in the managed file transfer service, and a MOVEit patch is available to bring organizations up to date with their risk mitigation. According to a Progress advisory, “An attacker could submit a crafted payload to a MOVEit Transfer application endpoint which could result in modification and disclosure of MOVEit database content.”
Here’s what security leaders need to know about the MOVEit Transfer saga to date.
What Happened with Progress MOVEit Transfer?
If you’re coming up to speed, a zero-day vulnerability was identified in the Progress MOVEit Transfer product on June 1. Since that time, news of breaches and additional vulnerabilities in the software have emerged. You can read about the original zero-day incident in this article from Virtru’s editorial team, as well as a MOVEit Transfer update from June 12.
To summarize, the zero-day vulnerabilities allowed attackers to execute arbitrary code remotely on the victim's system. The flaw in MoveIT Transfer was a severe SQL injection vulnerability, allowing attackers to gain unauthorized access to databases and potentially escalate privileges. The impact of the MOVEit vulnerability was sweeping, with banks, universities, and government agencies affected, and customer data compromised.
How Serious is the Progress MOVEit Transfer Vulnerability?
Very serious. Considering the level of access that a hacker could gain to sensitive data stored and shared via MOVEit Transfer, the vulnerability should be taken seriously. CISA and the FBI are investigating the exploits to date, which CISA attributes to the CL0P Ransomware Gang.
The following CVEs have been issued for the vulnerabilities addressed in the latest patch:
What To Do If You Use Progress MOVEit Transfer
This vulnerability possesses a high level of severity due to its potential for exploitation and the subsequent consequences. Organizations utilizing MOVEit Transfer must treat this vulnerability as a top priority and take immediate action to mitigate the risks involved. This includes:
- Applying the latest patch as soon as possible
- Conducting vulnerability scans and penetration testing
- Thoroughly analyzing network traffic
- Reviewing user permissions and access at the data level to ensure users only have the access they need to get their jobs done
- Provide a refresher on cybersecurity hygiene and best practices
- Evaluate your go-forward plan
First things first: Make sure your current data environment is as secure as possible. Take the necessary actions to mitigate data loss and risk.
Once you've secured your systems and data, you’ll want to do a review of the incident and decide whether you want to stay with your current solutions, or explore other options.
Interested in Moving On from MOVEit? Consider Virtru for Secure Cloud File Sharing.
If you’re looking for a secure file transfer solution that provides easy-to-use encryption, can handle large files, and offers integrations with the apps you use every day, check out Virtru Secure Share. With Secure Share, you can opt for a simple, in-browser experience or integrate our solutions with your everyday tools like Salesforce and Zendesk. We also have lightweight, easy-to-use email encryption that you can deploy fast.
If you’re ready to move on, we hope you’ll consider Virtru. We’d love to show you how simple it can be to deploy our data-centric security solutions for your organization: Contact our team today for a demo.
Remember, cybersecurity is an ongoing effort that requires constant attention and adaptation — and it’s a team sport: No single solution will cover 100% of your security needs. Stay informed, stay vigilant, and together, we can navigate the evolving threat landscape and protect our data from bad actors.
