US-based security researchers have reported that hackers have stolen data from the systems of certain users of the file transfer tool, MOVEit Transfer. This comes one day after the software maker, Progress Software Corp, announced that a security vulnerability had been discovered in its software that could lead to unauthorised access into users’ systems. MOVEit Transfer is a managed file transfer software that allows organisations to transfer files and data between business partners and customers. It is still unclear which or how many organisations use the software or were impacted by potential breaches.
According to Chief Information Officer Ian Pitt, Progress Software made fixes available since it discovered the vulnerability. It is unknown which organisations were affected, but Pitt declined to share those details. It was also confirmed that the software’s cloud-based service had been impacted. However, Pitt specified that “as of now we see no exploit of the cloud platform.”
Rapid7, a cybersecurity firm, and Mandiant Consulting, owned by Google’s Alphabet, have reported that they found a number of cases in which the flaw had been exploited to steal data. Charles Carmakal, the chief technology officer of Mandiant Consulting, stated that “mass exploitation and broad data theft have occurred over the past few days.” Carmakal also warned organisations to prepare for potential extortion and publication of the stolen data.
The exploitation of “zero-day,” or previously unknown, vulnerabilities in managed file transfer solutions has led to data theft, leaks, extortion, and victim-shaming in the past, according to Mandiant. Although the motivation of the threat actor is unknown, Rapid7 said that it had noticed an increase in cases of compromise linked to the flaw since it was disclosed.
Progress Software has outlined steps that users at risk can take to mitigate the impact of the security vulnerability. Pitt has confirmed that they have “forensics partners on board” and are working with them to understand the situation better. He did not have a comment on who might have been trying to steal data by exploiting the flaw, stating that “we have no evidence of it being used to spread malware.”
MOVEit Transfer was used by a relatively “small” number of customers compared to those of the company’s other software products that number more than 20, according to Pitt.
Leave a Reply