MOVEit Hacks: Stories and lessons learned

The MOVEit file transfer software has been in the news lately as the point of compromise for many organisations over the past few weeks. The vulnerability stems from an SQL injection flaw which, if exploited successfully, can lead to remote code execution.
The last time the cybersecurity community saw such a series of attacks was with the Apache Log4j vulnerability, which affected thousands of servers worldwide. The severity of the MOVEit Transfer flaw is no different, since the software is used to transfer files securely within and out of organisations (until recently, that is).
On June 1, Bleeping Computer reported that hackers were exploiting a new critical zero-day vulnerability in the MOVEit Transfer software to steal data from organizations. The vulnerability affected HTTP and HTTPS transfers, and Progress advised that those ports be blocked.
The following day, Mandiant released a blog post reporting that the vulnerability had been exploited as early as May 27. However, SecurityWeek reported that it had been around as early as July 2021.
Mandiant initially attributed a campaign exploiting the vulnerability to FIN11. However, on June 5, the Cl0P ransomware group announced they were responsible for attacks on infrastructure for the purpose of data theft.

Progress said they had patched the vulnerability on May 31, but that was just the beginning of an unfortunate series of events. The following took place over the days that followed.
Nova Scotia

On June 3, Nova Scotia announced a privacy breach affecting as many as 100,000 people. The MOVEit vulnerability was used to steal personal information of employees of Nova Scotia Health, IWK Health Care and the public service.