MOVEit Transfer File Transfer Management Solution Vulnerability Discovered
Last week, it became known that during an audit of the MOVEit Transfer file transfer management solution, new critical bugs were discovered. Hundreds of companies have already been compromised due to the exploitation of a 0-day vulnerability in MOVEit Transfer, including giants such as British Airways and the BBC.
Background
A 0-day vulnerability (CVE-2023-34362) in the MOVEit Transfer file transfer management solution was discovered in early June 2023. All versions of MOVEit Transfer were affected, and attacks were reported to have begun as early as May 27, 2023. The bug was a SQL injection that leads to remote code execution. Exploitation can lead to privilege escalation and give third parties unauthorized access to the MOVEit Transfer environment.
Attackers used the vulnerability to deploy custom web shells on affected servers, allowing them to list files stored on the server, download files, and steal Azure Blob Storage account credentials and secrets, including the AzureBlobStorageAccount, AzureBlobKey, and AzureBlobContainer settings.
Microsoft analysts have linked these attacks to the Clop ransomware group (aka Lace Tempest, TA505, FIN11, or DEV-0950). It soon became known that hundreds of companies were compromised during the attacks; the hack was confirmed by the Irish airline Aer Lingus, British Airways, the BBC and the British pharmacy chain Boots.
New Vulnerabilities Discovered
Now the MOVEit Transfer developers have warned customers about new critical vulnerabilities in their file transfer management product. The new bugs were found during a security audit that experts from Huntress carried out after the mass attacks.
According to the manufacturer, the new vulnerabilities are SQL injections that affect all versions of MOVEit Transfer and allow unauthenticated attackers to compromise Internet-accessible servers and change or steal user information.
“All MOVEit Transfer customers must install the new patch released on June 9, 2023. The investigation is still ongoing, but at this time we have found no signs of exploitation of these newly discovered vulnerabilities,” the company added.
The developers note that all MOVEit Cloud clusters have already received fresh fixes that have protected them from potential attack attempts.
It is also worth noting that a PoC exploit recently appeared for the original zero-day vulnerability (CVE-2023-34362), the bug with which the mass attacks on MOVEit Transfer customers began. The exploit was published by researchers from Horizon3, together with a detailed technical analysis of the vulnerability and a list of indicators of compromise that network defenders can use to detect exploitation of the bug on vulnerable servers.
Information security experts warn that after the release of this exploit, more attackers are likely to use it in attacks or create their own versions to attack unpatched servers still reachable from the Internet.
The MOVEit Transfer file transfer management solution is a popular tool used by many companies to securely transfer files between different systems. It is used by organizations of all sizes, from small businesses to large enterprises. However, the recent discovery of a 0-day vulnerability in the system has put many companies at risk of being hacked.
The vulnerability, which was discovered in early June 2023, was a SQL injection that allowed attackers to deploy custom web shells on affected servers. This allowed them to list files stored on the server, download files, and steal Azure Blob Storage account credentials and secrets. Microsoft analysts have linked these attacks to the Clop ransomware group.
The vulnerability was so severe that hundreds of companies were compromised during the attacks, including the Irish airline Aer Lingus, British Airways, the BBC and the British pharmacy chain Boots.
Now, MOVEit Transfer developers have warned customers about new critical vulnerabilities in their file transfer management product. The new bugs were found during a security audit, which was carried out by experts from the Huntress company.
Information security experts warn that after the release of a PoC exploit for the original zero-day vulnerability (CVE-2023-34362), more attackers are likely to use it in attacks or create their own versions to attack unpatched servers still available on the Internet.
Organizations that use MOVEit Transfer should take steps to ensure that their systems are secure. This includes installing the latest patch released by the manufacturer, as well as using additional security measures such as two-factor authentication and regular security scans. Additionally, organizations should be aware of the indicators of compromise that can be used to detect the exploitation of a bug on vulnerable servers.
The recent discovery of a 0-day vulnerability in the MOVEit Transfer file transfer management solution has highlighted the importance of keeping systems up-to-date and secure. Organizations should take steps to ensure that their systems are protected from potential attacks, and be aware of the indicators of compromise that can be used to detect the exploitation of a bug on vulnerable servers.