The MOVEit vulnerability stands out as a zero-day threat currently being exploited by the CL0P Ransomware Group and others. While numerous zero-day vulnerabilities lurk in the shadows of our digital environments, this one has stepped into the spotlight for causing significant breaches in large and critical enterprises including software firms high up in the supply chain. The escalating exploitation of this vulnerability underscores its significance, compelling organizations to take swift, robust action in response.
This vulnerability, categorized as CVE-2023-34362 by MITRE, is a recent discovery in the MOVEit software. MOVEit is designed to facilitate secure file and data transfers. Unfortunately, it harbors a SQL injection vulnerability that is highly exploitable and undermines the very security it was intended to provide.
The risk from this vulnerability is significant, with a criticality rating of 9.8 according to MITRE. Attackers who exploit it can execute arbitrary code, escalate privileges, and insert ransomware. In some instances, the inclusion of a file named ‘human2.aspx’ was observed to generate persistence.
On June 7th, 2023, CISA alongside the FBI released a joint advisory announcing that the Cl0p Ransomware Group was actively exploiting this vulnerability.
Furthermore, a second (CVE-2023-35036) and third (CVE-2023-35708) MOVEit vulnerability was later discovered. These vulnerabilities can also lead to privilege escalation, but at the time of writing, their severity is uncertain.
According to the CL0P Ransomware Group, this is an ‘exceptional’ exploit that has reportedly been used to compromise hundreds of companies, including banks, universities, and multinationals. The exploit has also been linked to recent attacks on various federal agencies, including energy sector entities.
In the following wave of attacks, the following U.S. entities have been compromised by CL0P Ransomware, according to CL0P’s own leaks website: Colorado Department of Health Care Policy & Financing, University of Rochester, Minnesota Department of Education, Oregon Department of Transportation (ODOT), U.S. Department of Agriculture, United States Office of Personnel Management (OPM), American Board of Internal Medicine (ABIM), University of Georgia, Johns Hopkins University, and others.
Any system using the MOVEit software that hasn’t patched the vulnerability is at risk. Particularly, if your infrastructure incorporates MOVEit for ‘Secure Managed File Transfer,’ it’s essential to take action. According to ‘IoT search engine’ Shodan Report, at least 2,500 networks are potentially exposed to the MOVEit vulnerability, the majority of which are located in the USA.
In response to the vulnerability, the provider has released some remediation steps and security recommendations, which are available on their community forum. But for a comprehensive approach to security, consider these security measures:
Beyond these steps, Lumu’s support can offer a last security layer, helping to assess your security posture and provide tools to correct it in time, as shown in our recent Davivienda case study.
Finally, always remember: a single vulnerability shouldn’t undermine your entire security strategy. Maintain a comprehensive cybersecurity approach that covers all bases, from robust identity access management to proactive vulnerability management. This will ensure resilience against the MOVEit vulnerability and many other zero-day vulnerabilities.
Reading Time: 5 mins Introducing Lumu Autopilot, the latest innovation that delivers on our promise…
Reading Time: 4 mins The Palo Alto Networks PAN-OS firewall vulnerability exemplifies critical flaws in…
Reading Time: 2 mins Efficiently confirm and address ConnectWise ScreenConnect vulnerabilities with our guide and…
Reading Time: 7 mins LockBit takedown news and guidance: arrests made, resilience shown, and future…
Reading Time: 3 mins Explore the challenges faced by a wide range of organizations in…
Reading Time: 7 mins Explore how Infostealers compromise global security, silently stealing data and offering…