Vulnerability Insights: MOVEit and More
What is MOVEit?
MOVEit is a managed file transfer (MFT) tool created by Progress Software. During the MOVEit transfer process, data is transmitted from a user’s account to a web server and subsequently downloaded into another user’s account.
What’s the problem?
In early June, a Russian hacker group, Cl0p, claimed they exploited a vulnerability in MOVEit, gaining unauthorized access to servers containing large quantities of data. Consequently, they managed to exfiltrate millions of records from these compromised servers and hold them for ransom. Progress Software has acknowledged the problem and NIST has published CVE-2023- 35708 & CVE-2023-34362 with a Critical/9.8 rating on a scale of 10.
Progress Software recommends:
- Disabling all HTTP and HTTPs traffic to your MOVEit Transfer environment
- Reviewing, deleting and resetting unauthorized files and user accounts on your network
- Monitoring your network to see if login surges or unexpected remote activities or charges occur
- Applying the newest patch from Progress Software
Whose problem is that?
If your organization or your vendors use MOVEit there are several risks to be aware of:
- Unauthorized Access: A Vulnerability within MOVEit could serve as an entry point for attackers like Cl0p Ransomware to breach your organization’s network, allowing them unauthorized access to critical files, intellectual property, or personally identifiable information (PII).
- Data Breaches: By capitalizing on MOVEit vulnerabilities, attackers could potentially intercept or manipulate file transfers, resulting in data breaches.
- Compliance Violations: If your organization operates in an industry with stringent compliance requirements (such as healthcare, finance, or government), a MOVEit vulnerability can compromise your ability to meet these obligations.
If you are unsure if you or one of your vendors utilizes MOVEit, it’s time to get moving!
How can you stay on top of vulnerabilities like MOVEit?
Vulnerability management is an ongoing process. It’s critical to have an inventory of your company’s applications, assets, and vendors in order to stay informed about emerging threats and ensure the continued security of your organization’s assets.
Great American recommends a proactive approach to vulnerability management which, in addition to staying on top of your inventory, also includes regular patching and configuration management. Implementing strong configuration management practices and a robust patch management system to identify, test and apply security updates will reduce the risk of vulnerabilities and misconfiguration across your IT stack.
Some additional measures that you should consider include:
- Network Segmentation and Access Control: Employ network segmentation and access control measures to isolate critical systems and prevent unauthorized access.
- Intrusion Detection and Vulnerability Scanning: Deploy intrusion detection systems and conduct regular vulnerability assessments to identify vulnerabilities in your IT infrastructure.
- Develop a Vendor Risk Management Program: staying on top of the security posture and technology stack of your company’s vendors is critical to managing the risks that unsecure vendors pose to your organization. Solutions like Security Scorecard can provide immediate impact on your company.
We’re here to help - Contact our Loss Control Consultants today
Having effective plans in place and resources at your fingertips can be the difference between a successful attack or an attempted one. Great American policyholders can use our innovative risk management platform, Eagle Eye, to build an IT Roadmap that will help your company better manage evolving risks like the MOVEit vulnerability and more.
Help Secure Your Business with Cyber Insurance
Our experienced team of cyber risk professionals understands the complex digital threat landscape businesses operate in. Learn more about our easy-to-understand cyber risk products designed to meet the differing needs of different small and mid-sized clients.