On June 1, US security experts reported that hackers were stealing the data of several users from the systems of the well-known file transfer tool MOVEit Transfer. A day before, the developer of this software reported about a security flaw in it.
After revealing the flaw on May 31, software developer Progress Software Corp warned that it would enable unauthorised access to customers’ systems.
Ipswitch makes this file transfer software. It’s a Massachusetts-based company in Burlington, United States. It enables businesses to send files and data to clients and business partners.
It needs to be clarified how many organisations utilise this software or how many of them may have been affected by potential breaches. The Chief Information Officer of Progress, Ian Pitt, declined to divulge the specifics about the breach but noted that the company had released remedies after learning of the issue late on May 28.
Pitt did not respond to questions about who might have been trying to use the vulnerability to steal data, “We have no evidence of it being used to spread malware,” he said. Though he told Reuters that this breach had also impacted the software’s eponymous cloud-based service, “As of now we see no exploit of the cloud platform”.
He claimed that MOVEit Transfer was used by a comparatively “small” number of customers compared to the company’s other software products. He added, “We have forensics partners on board and we are working with them to make sure that we have an ever-evolving grasp of the situation.”
Rapid7, a cybersecurity company, and Mandiant Consulting, a company owned by Alphabet’s Google, claimed to have discovered numerous cases in which the flaw had been used to steal data. The chief technology officer of Mandiant Consulting, Charles Carmakal, said in a statement, “Mass exploitation and broad data theft have occurred over the past few days”.
According to Mandiant, such “zero-day”, or previously undiscovered vulnerabilities in the past in managed file transfer solutions have resulted in data theft, leaks, extortion, and victim-shaming. He added, “Although Mandiant does not yet know the motivation of the threat actor, organisations should prepare for potential extortion and publication of the stolen data”.
Rapid7 said it had noticed an uptick in cases of compromise linked to the flaw since it was disclosed. Users who are at risk can take the actions indicated by Progress Software to lessen the effects of the security vulnerability, such as disabling all HTTP traffic to your MOVEit Transfer environment, deleting unauthorised files and user accounts, resetting service account credentials and applying the patch to remove the flaw etc.
Hackers are notorious for using loopholes in software and devices to harm users or infect user devices using malware to steal their data. Recently, a new Trojan malware called SpinOk was discovered, and reportedly it affected as many as 101 applications on Google Play Store. Researchers at Dr Web, in collaboration with BleepingComputer, have identified this new spyware. Researchers have claimed that these malware attacks are in the form of advertisements and looks like third-party attack. The motive of the hackers is to target the personal data of individuals.
Just few days back Indian Computer Emergency Response Team or CERT-In released an advisory report stating that an Android malware named “Daam” infects mobile phones is spreading. This virus can access private information like call logs, contacts, history, and cameras. The advisory stated that the virus is capable of “bypassing anti-virus programs and deploying ransomware on the targeted devices”.