A Look at the MOVEit Vulnerabilities

MICHAEL KAN-TOR

Junior Researcher

Fresh challenges are always popping up in the ever-evolving landscape of cybersecurity. This time, the spotlight is on MOVEit, a popular managed file transfer (MFT) software product. Over the last few weeks, several disclosures unveiled a host of SQL injection vulnerabilities, prompting concern among companies and institutions worldwide.

On May 31, Progress Software, an American public company offering software for creating and deploying business applications, disclosed the first vulnerability, CVE-2023-34362. Since then, five more CVEs have been identified: CVE-2023-35036, CVE-2023-35708, CVE-2023-36934, CVE-2023-36932, and CVE-2023-36933. Estimates suggest that over 300 different entities have fallen victim to these vulnerabilities, including major global companies and local governments.

SQL Injection Vulnerabilities

SQL injection vulnerabilities allow unauthenticated attackers to gain unauthorized access to databases, undermining the security infrastructure of the application. In the case of MOVEit, these vulnerabilities have provided a dangerous gateway to databases.

One threat actor has stood out in exploiting these weaknesses: the “Cl0p” ransomware gang. Researchers believe that Cl0p has been quietly exploiting these vulnerabilities since July 2021. Moreover, experts speculate they might have procured the vulnerability from online black markets where researchers sell this information.

The Call to Action: Immediate Remediation

The ongoing incident has MOVEit customers shoring up their cybersecurity defenses. It is strongly advised that companies immediately update their MOVEit instances to the latest patched versions, particularly focusing on publicly exposed interfaces. These vulnerabilities, coupled with potential non-disclosed zero-day threats, are actively being exploited in the wild.

While Progress Software has yet to release an official remediation guide or statement, the primary advice remains clear: immediate and thorough patching is essential to safeguard against the current threats.

The Automotive and Mobility Sector: A Lucrative Target

Though no specific incidents have been linked to this vulnerability, the long-standing exploitation of these vulnerabilities indicates a broad spectrum of potential victims.

It’s critical for smart mobility players to remain vigilant. The massive amounts of data and services that the industry produces and uses make it a prime target for threat actors, offering both the potential for notoriety and the potential for financial gain. This series of vulnerabilities, and the subsequent exploitation by groups like Cl0p, emphasizes the ongoing challenges in the cybersecurity landscape.

Utilizing threat intelligence can help OEMs, Tier 1s, and Tier 2s gain visibility into their threat landscape and manage their cybersecurity risks. With dedicated insights into the SBOM, specific threats and vulnerabilities can be identified ahead of an exploit, allowing for timely risk management.
