MOVEit File Transfer Cyber Attack – What You Need to Know

Progress Software, the creators of the MOVEit file transfer tool, have discovered a critical vulnerability in it. This vulnerability could allow an attacker to gain unauthorized access to a business's environment and escalate their privileges, giving them increased control over the organisation's environment.

Not only is your business at risk if you use this software, but large companies have also already reported that information has been stolen. The stolen information relates to employees at eight of Zellis's customers (including the BBC, Boots and British Airways).

Progress have issued advice on mitigating this vulnerability and you can view it directly by clicking here!

Who’s behind it?

Microsoft and other security research firms have linked this attack to the notorious Cl0p ransomware gang. Cl0p operate as Ransomware as a Service (RaaS) and are a Russian-speaking threat actor. Their main motivation is financial gain, and they are not a state-sponsored (funded by a government) group.

They gained infamy in the past three years due to their high-profile attacks such as exploiting a SolarWinds Serv-U vulnerability back in November 2021.

What to do if you use the MOVEit platform

If you use MOVEit the following steps are strongly recommended:

  1. Disable all HTTP and HTTPS traffic to your MOVEit transfer environment.
  2. Review, delete and reset.
    • Delete unauthorised files and user accounts.
    • Reset service account credentials.
  3. Apply the Patch – A patch has been released to mitigate this vulnerability.
  4. Verification – To confirm the files have been successfully deleted and no unauthorized accounts remain, follow all the actions within step 2 again. If you do find indicators of compromise, you should reset the service account credentials again.
  5. Re-enable all HTTP and HTTPS traffic to your MOVEit transfer environment.
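
One way to carry out steps 1 and 5 on the Windows server hosting MOVEit Transfer, as an added example that is not from Progress or the original article. It assumes Windows Defender Firewall is where the traffic is blocked; the rule group name and function names are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example. Assumes Windows Defender Firewall is the enforcement point on
# the MOVEit Transfer host. $RuleGroup is a hypothetical label for this example.
$RuleGroup = 'MOVEit-Temporary-Web-Block'
$WebPorts  = 80, 443

function Disable-MoveitWebTraffic {
    # Step 1: add explicit inbound block rules. In Windows Firewall a block
    # rule takes precedence over an existing allow rule for the same port.
    if (Get-NetFirewallRule -Group $RuleGroup -ErrorAction SilentlyContinue) { return }
    foreach ($port in $WebPorts) {
        New-NetFirewallRule -DisplayName "Block inbound TCP $port (MOVEit mitigation)" `
            -Group $RuleGroup -Direction Inbound -Protocol TCP -LocalPort $port `
            -Action Block | Out-Null
    }
}

function Test-MoveitWebBlocked {
    # Returns $true only if an enabled inbound block rule exists for every web port.
    $rules = @(Get-NetFirewallRule -Group $RuleGroup -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Action -eq 'Block' -and
                       $_.Direction -eq 'Inbound' })
    if ($rules.Count -eq 0) { return $false }
    $blocked = $rules | Get-NetFirewallPortFilter |
        Select-Object -ExpandProperty LocalPort
    -not ($WebPorts | Where-Object { "$_" -notin $blocked })
}

function Enable-MoveitWebTraffic {
    # Step 5: remove only the rules created above, once steps 2 to 4 are complete.
    Remove-NetFirewallRule -Group $RuleGroup -ErrorAction SilentlyContinue
}

# Typical sequence:
#   Disable-MoveitWebTraffic
#   Test-MoveitWebBlocked      # expect True before starting step 2
#   ... steps 2, 3 and 4 ...
#   Enable-MoveitWebTraffic
```

A host firewall rule does not cover traffic that terminates elsewhere, so any load balancer, reverse proxy or perimeter firewall in front of the server needs the same block for the duration.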

Further Guidance and Information

NCSC guidance and information on this breach

Progress have also posted information around the vulnerability of the MOVEit software
