A Look at the MOVEit Vulnerabilities

MICHAEL KAN-TOR

Junior Researcher

July 31, 2023

Fresh challenges are always popping up in the ever-evolving landscape of cybersecurity. This time, the spotlight is on MOVEit, a popular managed file transfer (MFT) software product. Over the last few weeks, several disclosures unveiled a host of SQL injection vulnerabilities, prompting concern among companies and institutions worldwide.

On May 31, Progress Software, an American public company offering software for creating and deploying business applications, disclosed the first vulnerability, CVE-2023-34362. Since then, five more CVEs have been identified: CVE-2023-35036, CVE-2023-35708, CVE-2023-36934, CVE-2023-36932, and CVE-2023-36933. Estimates suggest that over 300 different entities have fallen victim to these vulnerabilities, including major global companies and local governments.

SQL Injection Vulnerabilities

SQL injection vulnerabilities allow unauthenticated attackers to gain unauthorized access to databases, undermining the security infrastructure of the application. In the case of MOVEit, these vulnerabilities have provided a dangerous gateway to databases.

One threat actor has stood out in exploiting these weaknesses: the “Cl0p” ransomware gang. Researchers believe that Cl0p has been quietly exploiting these vulnerabilities since July 2021. Moreover, experts speculate they might have procured the vulnerability from online black markets where researchers sell this information.

The Call to Action: Immediate Remediation

The ongoing incident has MOVEit customers shoring up their cybersecurity defenses. It is strongly advised that companies immediately update their MOVEit instances to the latest patched versions, particularly focusing on publicly exposed interfaces. These vulnerabilities, coupled with potential non-disclosed zero-day threats, are actively being exploited in the wild.

While Progress Software has yet to release an official remediation guide or statement, the primary advice remains clear: immediate and thorough patching is essential to safeguard against the current threats.

The Automotive and Mobility Sector: A Lucrative Target

Though no specific incidents have been linked to this vulnerability, the long-standing exploitation of these vulnerabilities indicates a broad spectrum of potential victims.

It’s critical for smart mobility players to remain vigilant. The massive amounts of data and services that the industry produces and uses make it a prime target for threat actors, and alongside the potential for notoriety is the potential for financial gain. This series of vulnerabilities, and the subsequent exploitation by groups like Cl0p, emphasizes the ongoing challenges in the cybersecurity landscape.

Utilizing threat intelligence can help OEMs, Tier 1s, and Tier 2s gain visibility into their threat landscape and manage their cybersecurity risks. With dedicated insights into the SBOM, specific threats and vulnerabilities can be identified ahead of an exploit, allowing for timely risk management.
