A Look at the MOVEit Vulnerabilities

MICHAEL KAN-TOR

Junior Researcher

July 31, 2023

Fresh challenges are always popping up in the ever-evolving landscape of cybersecurity. This time, the spotlight is on MOVEit, a popular managed file transfer (MFT) software product. Over the last few weeks, several disclosures unveiled a host of SQL injection vulnerabilities, prompting concern among companies and institutions worldwide.

On May 31, Progress Software, American public company offering software for creating and deploying business applications, disclosed the first vulnerability, CVE-2023-34362. Since then, five more CVEs have been identified: CVE-2023-35036, CVE-2023-35708, CVE-2023-36934, CVE-2023-36932, and CVE-2023-36933. Estimates suggest that over 300 different entities have fallen victim to these vulnerabilities, including major global companies and local governments.

SQL Injection Vulnerabilities

SQL injection vulnerabilities allow unauthenticated attackers to gain unauthorized access to databases, undermining the security infrastructure of the application. In the case of MOVEit, these vulnerabilities have provided a dangerous gateway to databases.

One threat actor has stood out in exploiting these weaknesses: the “Cl0p” ransomware gang. Researchers believe that Cl0p has been quietly exploiting these vulnerabilities since July 2021. Moreover, experts speculate they might have procured the vulnerability from online black markets where researchers sell this information.

The Call to Action: Immediate Remediation

The ongoing incident has MOVEit customers shoring up their cybersecurity defenses. It is strongly advised that companies immediately update their MOVEit instances to the latest patched versions, particularly focusing on publicly exposed interfaces. These vulnerabilities, coupled with potential non-disclosed zero-day threats, are actively being exploited in the wild.

While Progress Software has yet to release an official remediation guide or statement, the primary advice remains clear: immediate and thorough patching is essential to safeguard against the current threats.

The Automotive and Mobility Sector: A Lucrative Target

Though no specific incidents have been linked to this vulnerability, the long-standing exploitation of these vulnerabilities indicates a broad spectrum of potential victims.

It’s critical for smart mobility players to remain vigilant. The massive amounts of data and services that the industry produces and uses make it a prime target for threat actors, and the potential for notoriety is the potential financial gain. This series of vulnerabilities, and the subsequent exploitation by groups like Cl0p, emphasizes the ongoing challenges in the cybersecurity landscape. 

Utilizing threat intelligence can help OEMs, Tier 1s, and 2s to gain visibility into their threat landscape and manage their cybersecurity risks. With dedicated insights into the SBOM, specific threats and vulnerabilities can be identified ahead of an exploit allowing for timely risk management.

Newsletter Icon

The 2025 Global Automotive & Smart Mobility Cybersecurity Report

Newsletter Icon

Subscribe
to our newsletter

Stay up-to-date on the latest trends, emerging risks, and updates

Securing the Future of Agriculture: The Role of AI-Powered Cybersecurity in Protecting Connected Farming Ecosystems

This blog is the second in a series exploring the impact of technology on modern agriculture.  As agriculture undergoes a digital transformation, the integration of…

Read more

The Future of Agriculture: How Connected and Autonomous Technologies Are Transforming Farming

The agricultural industry is undergoing a technological revolution, driven by advancements in autonomous machinery, connected IoT devices, and AI-driven analytics. These innovations are helping farmers…

Read more

Upstream Appoints EV Charging Pioneer Wulf Schlachter as Strategic Advisor

As the EV charging ecosystem continues to expand, so do the cybersecurity risks associated with it. Charging infrastructure, from charging stations to cloud-based services, is…

Read more

Securing the Future of Autonomous Vehicles

Connected Autonomous Vehicles (CAVs) represent one of the most transformative innovations in transportation, but with this transformation comes a new array of cybersecurity challenges. Recently,…

Read more
Skip to content