Rising Cyber Threats: Uncovering the Third MOVEit Transfer Vulnerability and Cl0p Gang’s Extortion Methods

The recent disclosure of a new vulnerability impacting Progress Software’s MOVEit Transfer application has highlighted the critical need for robust security measures and timely patching. The revelation comes at a time when the Clop ransomware gang has been exploiting multiple vulnerabilities in the software to target a wide range of organizations, including US federal agencies.

In this article, we will examine the details of the newly disclosed vulnerability and its potential impact, as well as the previous vulnerabilities exploited by the Clop ransomware gang. Additionally, we will look at statistics on the industry and location of exposed hosts running MOVEit and analyze the prevalence of different types of malware, including ransomware.

Progress Software’s Third Vulnerability Disclosure

Progress Software recently disclosed a third vulnerability impacting its MOVEit Transfer application. This time, the vulnerability is an SQL injection vulnerability that “could lead to escalated privileges and potential unauthorized access to the environment.”

The company has urged customers to disable all HTTP and HTTPS traffic to MOVEit Transfer on ports 80 and 443 to safeguard their environments while a patch is being prepared. The urgency of this recommendation is compounded by the fact that the Clop ransomware gang has already been exploiting vulnerabilities in the software.

Details of the new SQL injection vulnerability and potential impact

The new SQL injection vulnerability could have serious consequences for affected organizations. SQL injection attacks are among the most common and damaging types of attacks. They can lead to data breaches, data loss, and even system takeover.

The vulnerability was discovered by security professionals who were assessing the software for potential weaknesses. They found that it was possible to inject SQL queries into the application’s database, which could lead to privileged access to the environment. If exploited, this vulnerability could allow an attacker to take over the system, access sensitive data, and cause significant damage to the targeted organization.

Previously discovered vulnerabilities were exploited by the Clop ransomware gang

This latest vulnerability follows two previous SQL injection vulnerabilities that were disclosed by Progress Software in July 2021. These vulnerabilities were also exploited by the Clop ransomware gang, who used them to steal data from the customers of the software.

The Clop actors have listed the names of 27 companies that they claim were hacked using the MOVEit Transfer flaw on their darknet leak portal, including multiple US federal agencies. This highlights the critical need for timely patching and robust security measures to protect against such threats.

Statistics on the industry and location of exposed hosts running MOVEit

According to Censys, a web-based search platform for assessing the attack surface of internet-connected devices, nearly 31% of over 1,400 exposed hosts running MOVEit are in the financial services industry. This suggests that attackers are targeting organizations with high-value data and assets.

Additionally, nearly 80% of the servers running MOVEit are based in the US, according to Censys. This further underscores the urgency of taking steps to secure the software against attacks.

Analysis of ransomware attacks compared to other types of malware

According to a recent analysis by Kaspersky, ransomware leads with a 58% share, followed by information stealers (24%), and botnets, loaders, and backdoors (18%). This highlights the growing risk of ransomware attacks and emphasizes the need for organizations to adopt robust security measures to protect against them.

Increased Accessibility of MaaS Schemes for Attackers

One factor that is contributing to the rise of ransomware attacks is the increasing accessibility of malware-as-a-service (MaaS) schemes. MaaS allows less technically proficient attackers to enter the fray, thereby lowering the bar for carrying out such attacks.

The revelation of a new vulnerability in Progress Software’s MOVEit Transfer application underscores the need for timely patching and adoption of robust security measures. With the Clop ransomware gang already exploiting previous vulnerabilities in the software, the risk of data breaches and system takeovers is high. Organizations should disable all HTTP and HTTPs traffic to MOVEit Transfer on ports 80 and 443 and implement additional security measures to protect against possible attacks.

Explore more

Visa Launches SDK to Expand Digital Payments Across Africa

A local street vendor in Accra or a tech-savvy freelancer in Dar es Salaam often finds that having a mobile wallet is not enough to participate in the lucrative global digital economy. While local transfers have flourished, the inability to access international marketplaces creates a glass ceiling for millions of ambitious African entrepreneurs and consumers. The launch of the Visa

Uzbekistan Rapidly Transforms Its Digital Financial Sector

A traveler walking through the bustling Chorsu Bazaar in Tashkent today would likely witness a scene that would have been unrecognizable only a few years ago: vendors who once strictly dealt in stacks of som notes now effortlessly accept instant QR code payments on their mobile devices. This micro-level shift at a local market stall reflects a macro-level upheaval within

How Remote Work and AI Are Eroding Entry-Level Hiring

The traditional expectation that a university degree serves as a guaranteed entry point into a stable professional trajectory has collided with a harsh new economic reality where early-career opportunities are rapidly evaporating. While the labor market has historically rewarded the vigor and potential of young graduates, a silent decoupling occurred that left the newest members of the workforce navigating a

Salesforce, NiCE, and Oracle Lead ISG 2026 CXM Rankings

The modern consumer’s loyalty now hinges on a singular, invisible thread that snaps the moment a customer is forced to repeat their grievance to a third representative who has no record of the previous conversation. In a marketplace defined by hyper-competition, these fragmented experiences are no longer merely inconvenient; they are financially catastrophic for the enterprise. As organizations struggle with

Has Hyper-Measurement Killed Creativity in B2B Marketing?

The digital dashboard promised a world of absolute certainty where every marketing dollar could be tracked with surgical precision, yet many B2B brands now find themselves invisible in a sea of data-driven sameness. While marketing departments once thrived on intuition and bold storytelling, the modern era has substituted that creative spark for a reliance on real-time analytics that often prioritizes