A Look at the MOVEit Vulnerabilities

MICHAEL KAN-TOR

Junior Researcher

July 31, 2023

Fresh challenges are always popping up in the ever-evolving landscape of cybersecurity. This time, the spotlight is on MOVEit Transfer, a popular managed file transfer (MFT) product. Over the last two months, a series of disclosures unveiled a set of vulnerabilities, most of them SQL injection flaws, prompting concern among companies and institutions worldwide.

On May 31, Progress Software, an American public company that sells software for building and deploying business applications, disclosed the first vulnerability, CVE-2023-34362. Since then, five more CVEs have been identified: CVE-2023-35036 and CVE-2023-35708 in June, followed by CVE-2023-36934, CVE-2023-36932, and CVE-2023-36933 in July. Estimates suggest that over 300 organizations have fallen victim to these vulnerabilities, including major global companies and local governments.

SQL Injection Vulnerabilities

SQL injection occurs when untrusted input is concatenated into a SQL statement so that characters in the input (typically a quote) change the structure of the query instead of being treated as data. The attacker can then widen a lookup to return every row, read other tables with a UNION, or, depending on database privileges, modify data and stored state. In the case of MOVEit Transfer, the initial flaw was reachable over the product's web interface without authentication, which is what turned a database bug into a gateway for stealing the files the server was trusted to hold.
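As an added illustration, not taken from the original post or from MOVEit's code, the following Python script shows the mechanism on a toy SQLite database with constructed data: the same user-supplied strings are run through a query that splices the input into the SQL text and through a parameterized query. Table names, payloads and sample rows are all assumptions made for this example.

```python
import sqlite3


def make_db():
    """Build an in-memory database with constructed sample data (not MOVEit's schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.execute("CREATE TABLE sessions (id INTEGER PRIMARY KEY, token TEXT, username TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    conn.executemany(
        "INSERT INTO sessions (token, username) VALUES (?, ?)",
        [("sess-1111", "alice"), ("sess-2222", "bob")],
    )
    return conn


def lookup_vulnerable(conn, username):
    # VULNERABLE: the caller's string is spliced into the SQL text, so a quote
    # in the input terminates the literal and the remainder is parsed as SQL.
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, username):
    # SAFE: the SQL text is fixed; the value is bound as a parameter and is
    # never parsed as SQL, whatever characters it contains.
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


# Two classic payloads, constructed for this example.
TAUTOLOGY = "x' OR '1'='1"                                  # widen the WHERE clause to every row
UNION = "x' UNION SELECT token, username FROM sessions--"   # read a different table; -- drops the trailing quote


def demo():
    """Run benign and malicious inputs through both lookups and return the rows each produced."""
    conn = make_db()
    return {
        "vuln_benign": lookup_vulnerable(conn, "bob"),
        "vuln_tautology": lookup_vulnerable(conn, TAUTOLOGY),
        "vuln_union": lookup_vulnerable(conn, UNION),
        "safe_benign": lookup_safe(conn, "bob"),
        "safe_tautology": lookup_safe(conn, TAUTOLOGY),
        "safe_union": lookup_safe(conn, UNION),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:16} {rows}")
```

The two payloads give the same benign result in both versions, but only the concatenating lookup returns all three users for the tautology and leaks the session tokens for the UNION; the parameterized lookup treats both strings as a username that does not exist and returns nothing.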

One threat actor has stood out in exploiting these weaknesses: the Cl0p ransomware gang. Researchers believe that Cl0p had been testing ways to exploit the first flaw since July 2021, well before the mass exploitation that began in late May 2023. Some experts also speculate that the group might have procured the vulnerability from underground markets where such information is sold.

The Call to Action: Immediate Remediation

The ongoing incident has MOVEit customers shoring up their defenses. Companies should update their MOVEit Transfer instances to the latest patched versions immediately, prioritizing internet-facing deployments. The first flaw, CVE-2023-34362, was exploited as a zero-day before a fix existed, and the later CVEs were found during the follow-up code review of the same product, so patching should be treated as a recurring process rather than a one-off: each new advisory needs to be applied as it is released.

Progress Software has published remediation guidance alongside each patch. For the initial vulnerability, the advised sequence was: disable HTTP and HTTPS traffic to the MOVEit Transfer server; check the wwwroot directory for unauthorized files, in particular the human2.aspx web shell, and the user list for unexpected accounts; reset service account credentials; apply the patch; verify that the indicators are gone; restore traffic; and continue monitoring. The primary advice remains clear: immediate and thorough patching is essential, but an exposed instance must also be checked for compromise, because patching does not remove a web shell that is already in place.
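Progress's advisory named the human2.aspx web shell, dropped in the MOVEit Transfer web root, as a key indicator of compromise. As an added example that is not part of the original post or of Progress's guidance, the Python script below applies that indicator retroactively to IIS W3C access logs: it reads the column layout from the #Fields header rather than assuming fixed positions, flags any request whose path ends in a known web shell name regardless of case, and separates requests the server actually answered (the shell was present) from 404 probes. The log lines are constructed for this example and are not real traffic.

```python
# Constructed IIS W3C extended log excerpt (not real traffic). The field list is
# trimmed for readability; a production log has more columns, which the parser
# handles because it maps columns by the #Fields header, not by position.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Version: 1.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port c-ip cs(User-Agent) sc-status
2023-05-28 01:02:03 10.0.0.5 GET /human.aspx - 443 198.51.100.7 Mozilla/5.0+(Windows+NT+10.0) 200
2023-05-28 01:02:11 10.0.0.5 POST /human2.aspx - 443 198.51.100.7 Mozilla/5.0+(Windows+NT+10.0) 200
2023-05-28 01:05:00 10.0.0.5 GET /Human2.ASPX - 443 203.0.113.9 curl/8.0.1 404
2023-05-28 01:06:00 10.0.0.5 GET /human.aspx - 443 192.0.2.15 Mozilla/5.0+(X11;+Linux) 200
"""

# File names published as indicators of compromise in Progress's advisory.
# Matched case-insensitively because IIS paths are case-insensitive; human.aspx
# (the legitimate page the shell's name imitates) must not match.
WEBSHELL_NAMES = {"human2.aspx"}


def parse_iis_w3c(text):
    """Yield one dict per request, keyed by the column names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#"):
            continue
        parts = line.split(" ")
        if len(parts) != len(fields):
            continue  # truncated or malformed line; skip rather than misalign columns
        yield dict(zip(fields, parts))


def find_webshell_hits(text):
    """Return (timestamp, client_ip, uri_stem, status) for every request to a known web shell name."""
    hits = []
    for rec in parse_iis_w3c(text):
        stem = rec.get("cs-uri-stem", "")
        basename = stem.rsplit("/", 1)[-1].lower()
        if basename in WEBSHELL_NAMES:
            hits.append((f"{rec['date']} {rec['time']}", rec["c-ip"], stem, rec["sc-status"]))
    return hits


def confirmed_webshell_hits(text):
    """Hits the server answered with 2xx: the shell file existed and responded.
    A 404 only shows that someone probed for it while it was not there."""
    return [h for h in find_webshell_hits(text) if h[3].startswith("2")]


if __name__ == "__main__":
    for hit in find_webshell_hits(SAMPLE_LOG):
        print("webshell request:", hit)
    for hit in confirmed_webshell_hits(SAMPLE_LOG):
        print("CONFIRMED (served):", hit)
```

Run against the real log directory (by default under the IIS LogFiles folder on the MOVEit Transfer host) by reading each file's text into the functions above. A confirmed hit establishes that the shell was live at that timestamp, which is the point from which the investigation should work backwards; a run of 404s from a scanner against a host that never returned 200 is noise, not evidence of compromise.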

The Automotive and Mobility Sector: A Lucrative Target

Though no automotive or mobility incidents have been publicly linked to these vulnerabilities, the breadth and duration of the exploitation point to a broad spectrum of potential victims. MFT products such as MOVEit are commonly used to exchange data with suppliers and partners, so an organization can be affected through a vendor's instance even if it does not run the product itself.

It is critical for smart mobility players to remain vigilant. The massive amounts of data and services that the industry produces and uses make it a prime target for threat actors, and the potential financial gain is considerable. This series of vulnerabilities, and the subsequent exploitation by groups like Cl0p, emphasizes the ongoing challenges in the cybersecurity landscape.

Utilizing threat intelligence can help OEMs, Tier 1s, and Tier 2s gain visibility into their threat landscape and manage their cybersecurity risks. With dedicated insight into the software bill of materials (SBOM), specific threats and vulnerabilities in third-party components can be identified ahead of exploitation, allowing for timely risk management.
