A Look at the MOVEit Vulnerabilities

MICHAEL KAN-TOR

Junior Researcher

July 31, 2023

Fresh challenges are always popping up in the ever-evolving landscape of cybersecurity. This time, the spotlight is on MOVEit, a popular managed file transfer (MFT) software product. Over the last few weeks, several disclosures unveiled a host of SQL injection vulnerabilities, prompting concern among companies and institutions worldwide.

On May 31, Progress Software, American public company offering software for creating and deploying business applications, disclosed the first vulnerability, CVE-2023-34362. Since then, five more CVEs have been identified: CVE-2023-35036, CVE-2023-35708, CVE-2023-36934, CVE-2023-36932, and CVE-2023-36933. Estimates suggest that over 300 different entities have fallen victim to these vulnerabilities, including major global companies and local governments.

SQL Injection Vulnerabilities

SQL injection vulnerabilities allow unauthenticated attackers to gain unauthorized access to databases, undermining the security infrastructure of the application. In the case of MOVEit, these vulnerabilities have provided a dangerous gateway to databases.

One threat actor has stood out in exploiting these weaknesses: the “Cl0p” ransomware gang. Researchers believe that Cl0p has been quietly exploiting these vulnerabilities since July 2021. Moreover, experts speculate they might have procured the vulnerability from online black markets where researchers sell this information.

The Call to Action: Immediate Remediation

The ongoing incident has MOVEit customers shoring up their cybersecurity defenses. It is strongly advised that companies immediately update their MOVEit instances to the latest patched versions, particularly focusing on publicly exposed interfaces. These vulnerabilities, coupled with potential non-disclosed zero-day threats, are actively being exploited in the wild.

While Progress Software has yet to release an official remediation guide or statement, the primary advice remains clear: immediate and thorough patching is essential to safeguard against the current threats.

The Automotive and Mobility Sector: A Lucrative Target

Though no specific incidents have been linked to this vulnerability, the long-standing exploitation of these vulnerabilities indicates a broad spectrum of potential victims.

It’s critical for smart mobility players to remain vigilant. The massive amounts of data and services that the industry produces and uses make it a prime target for threat actors, and the potential for notoriety is the potential financial gain. This series of vulnerabilities, and the subsequent exploitation by groups like Cl0p, emphasizes the ongoing challenges in the cybersecurity landscape. 

Utilizing threat intelligence can help OEMs, Tier 1s, and 2s to gain visibility into their threat landscape and manage their cybersecurity risks. With dedicated insights into the SBOM, specific threats and vulnerabilities can be identified ahead of an exploit allowing for timely risk management.

Newsletter Icon

The After-Sales Quality Report, Zooming in on the Power of AI

Newsletter Icon

Subscribe
to our newsletter

Stay up-to-date on the latest trends, emerging risks, and updates

Rethinking the Perimeter: Excessive Data Exposure and the Outbound Blind Spot

As SOC executives transition to managing autonomous MCP servers on top of the existing complex cloud topologies and distributed microservices, we must acknowledge a critical…

Read more

Rethinking the Perimeter: The Hidden Blast Radius of “Harmless” Endpoints

As SOC executives navigate an era of autonomous AI agents, complex machine-to-machine integrations, and Model Context Protocol (MCP) servers, we must accept a harsh architectural…

Read more

Behavior and Kinetic Impact Define the New AI Security Paradigm

For decades, enterprise cybersecurity has been obsessed with lines in the sand. We built walls around networks, drew perimeters around systems, and gated access to…

Read more

Rethinking the Perimeter: BOLA and the Illusion of the Legitimate Request

As SOC executives navigating an era of autonomous AI agents, complex machine-to-machine integrations, and Model Context Protocol (MCP) servers, we must accept a harsh architectural…

Read more