
Progress Software on Thursday disclosed a third vulnerability affecting its MOVEit Transfer application as the Cl0p cybercrime gang began extorting affected companies.
The new flaw, which has not yet been assigned a CVE identifier, is likewise a SQL injection vulnerability that “could lead to privilege escalation and potentially unauthorized access to the environment.”
Progress is urging all customers to disable HTTP and HTTPS traffic to MOVEit Transfer on ports 80 and 443 to protect their environments while it prepares a patch for the flaw.
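The interim mitigation above is a host firewall change on the MOVEit Transfer server. The following is an added example of how an administrator could apply and verify it; it is not Progress's own script and it assumes MOVEit Transfer is running on Windows Server with Windows Defender Firewall (the rule name and the hostname used in the verification comments are this example's own choices):

```powershell
# Added example: temporary inbound block on the MOVEit Transfer HTTP/HTTPS listeners
# (ports 80 and 443) until the patched build is installed. Run in an elevated session
# on the MOVEit Transfer server. Assumes Windows Defender Firewall is the host firewall.
# The rule name below is chosen for this example, not defined by Progress.

$ruleName = 'MOVEit-Block-HTTP-HTTPS-Inbound'

# Create an inbound block rule for TCP 80 and 443 on every network profile.
# In Windows Defender Firewall, block rules take precedence over allow rules,
# so the existing IIS allow rules do not need to be edited.
New-NetFirewallRule -DisplayName $ruleName `
    -Direction Inbound -Protocol TCP -LocalPort 80,443 `
    -Action Block -Profile Any -Enabled True | Out-Null

# Check 1: the rule exists, is enabled, and its action is Block.
Get-NetFirewallRule -DisplayName $ruleName |
    Select-Object DisplayName, Enabled, Direction, Action

# Check 2: the rule's port filter actually covers both ports.
Get-NetFirewallRule -DisplayName $ruleName |
    Get-NetFirewallPortFilter |
    Select-Object Protocol, LocalPort

# Check 3: from a different host on the network, confirm the listeners are
# no longer reachable (TcpTestSucceeded should be False for both):
#   Test-NetConnection -ComputerName moveit.example.internal -Port 443
#   Test-NetConnection -ComputerName moveit.example.internal -Port 80

# Once the patched build is installed, remove the temporary rule:
#   Remove-NetFirewallRule -DisplayName $ruleName
```

Run the rule creation before the verification checks; the third check is deliberately from another machine, because a test from the server itself can succeed over the loopback path even when inbound traffic from the network is blocked.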

The disclosure comes a week after Progress divulged another SQL injection vulnerability (CVE-2023-35036), which the company said could be weaponized to access the application's database content.
Both vulnerabilities join CVE-2023-34362, which was exploited as a zero-day in data theft attacks by the Clop ransomware gang. Kroll said it found evidence that the group, tracked by Microsoft as Lace Tempest, had been testing the exploit as far back as July 2021.

The development coincides with the Cl0p actors listing on their darknet leak portal the names of 27 companies they claim to have hacked using the MOVEit Transfer flaw. The victims also include several U.S. federal agencies, among them the Department of Energy, according to a CNN report.

“The number of potentially compromised organizations to date is significantly higher than the initial number specified as part of Cl0p’s last MFT exploit, the Fortra GoAnywhere MFT campaign,” ReliaQuest said.
According to Censys, a web-based search platform for assessing the attack surface of internet-connected devices, of the more than 1,400 public hosts running MOVEit, nearly 31% are in the financial services industry, 16% in healthcare, 9% in information technology, and 8% in the government and military sectors. Nearly 80% of the servers are based in the U.S.
According to Kaspersky's analysis, of the 97 malware families spread via malware-as-a-service (MaaS) business models between 2015 and 2022, ransomware topped the list with a 58% share, followed by information stealers (24%) and botnets, loaders and backdoors (18%).
“Money is the root of all evil, including cybercrime,” the Russian cybersecurity firm said, adding that MaaS schemes allow even less technically skilled attackers to enter the fray, lowering the barrier to carrying out such attacks.