Are YOU Protected? Recent MOVEit Application Hack.

• June 21, 2023
• Kadian Douglas

In the era of fast digital transformation, secure file transfer solutions have become an integral part of organizations’ day-to-day operations. MOVEit, a popular managed file transfer (MFT) application developed by Ipswitch (part of Progress Software), has long been used by businesses worldwide for its file transfer capabilities. However, recent developments have shed light on a vulnerability within MOVEit that demands attention and swift action.

Understanding MOVEit and Its Applications:

MOVEit is an MFT solution designed to facilitate secure file transfer and collaboration within and outside organizations. It offers various features, including encrypted file transfer protocols, secure folders, user access controls, auditing, and automation capabilities. MOVEit enables businesses to securely exchange sensitive data.

The Existing Vulnerability: Evolution and Impacts:

Unfortunately, MOVEit has recently faced a critical vulnerability that threatens the security and confidentiality of the transferred data. The vulnerability initially emerged as a flaw in the application’s authentication mechanism, allowing unauthorized access to user accounts and potentially exposing sensitive information. The evolution of this vulnerability has led to subsequent exploits, resulting in unauthorized data breaches and potential compromise of critical systems

The impacts of this vulnerability can be severe, compromising the privacy and integrity of sensitive data. Unauthorized access to user accounts could lead to unauthorized modification, theft, or exposure of confidential information, including personally identifiable information (PII), financial records, and intellectual property. Furthermore, the reputational damage and legal implications associated with data breaches could be significant.

What’s Next? Taking Proactive Measures and Seeking Third-Party Assistance:

Given the potential impact of the MOVEit vulnerability, it is crucial for organizations to take immediate action to mitigate the risks and secure their file transfer operations. Here are some steps to consider:

• Update and Patch: Stay informed about the latest updates and security patches provided by Progress. Regularly update the MOVEit application to ensure you have the latest security fixes and enhancements.
• Conduct Security Audits: Perform comprehensive security audits of your MOVEit deployment. Evaluate user access controls, authentication mechanisms, encryption protocols, and overall system configurations. Identify any potential vulnerabilities or misconfigurations that may expose your organization to risks.
• Engage Third-Party Experts: Seeking assistance from third-party security experts is highly recommended. These experts can conduct thorough penetration testing and vulnerability assessments to identify any significant issues that need immediate attention. Their expertise can help you uncover potential weaknesses and develop appropriate remediation strategies
• Enhance Security Measures: Implement multi-factor authentication (MFA) to add an extra layer of security to user accounts. Review and strengthen password policies, enforce regular password changes, and educate users about secure authentication practices
• Foster a Culture of Security: Emphasize the importance of cybersecurity within your organization. Provide regular training sessions to employees, promoting best practices in data protection, password hygiene, and identifying suspicious activities.
• Determine Exposure: 1) Identify and define a window of exposure (how long did you operate the vulnerable version). 2) Conduct an assessment (threat hunt, incident response review) to look for presence of indicator of compromise.
• Repeat: Repeat all the “next steps” for each service provider to determine a) if they use the affected version, b) do they have any exposure, and c) what have they done.

How can CLA help?

CLA’s cybersecurity team has years of experience performing risk assessments, application review, responding to cyber incidents and helping mitigate them. Please contact us to help in assessing and mitigating your risk for a cyber attack

Additional Resources

Progress Software Releases Security Advisory for MOVEit Transfer Vulnerability | CISAMOVEit Transfer Critical Vulnerability – CVE-2023-35708 (June 15, 2023) – Progress Community

Tags: #applicationpenetrationtesting, #applicationsecurityreview, #incidentresponse, #informationsecurity, cyber attack, cybersecurity, cybersecuritytraining, vulnerability, Incident Response, Information Security, IT Controls, Penetration Testing | Comments Off on Are YOU Protected? Recent MOVEit Application Hack.