Rising Cyber Threats: Uncovering the Third MOVEit Transfer Vulnerability and Cl0p Gang’s Extortion Methods

The recent disclosure of a new vulnerability impacting Progress Software’s MOVEit Transfer application has highlighted the critical need for robust security measures and timely patching. The revelation comes at a time when the Clop ransomware gang has been exploiting multiple vulnerabilities in the software to target a wide range of organizations, including US federal agencies.

In this article, we will examine the details of the newly disclosed vulnerability and its potential impact, as well as the previous vulnerabilities exploited by the Clop ransomware gang. Additionally, we will look at statistics on the industry and location of exposed hosts running MOVEit and analyze the prevalence of different types of malware, including ransomware.

Progress Software’s Third Vulnerability Disclosure

Progress Software recently disclosed a third vulnerability impacting its MOVEit Transfer application. This time, the vulnerability is an SQL injection vulnerability that “could lead to escalated privileges and potential unauthorized access to the environment.”

The company has urged customers to disable all HTTP and HTTPS traffic to MOVEit Transfer on ports 80 and 443 to safeguard their environments while a patch is being prepared. The urgency of this recommendation is compounded by the fact that the Clop ransomware gang has already been exploiting vulnerabilities in the software.

Details of the new SQL injection vulnerability and potential impact

The new SQL injection vulnerability could have serious consequences for affected organizations. SQL injection attacks are among the most common and damaging types of attacks. They can lead to data breaches, data loss, and even system takeover.

The vulnerability was discovered by security professionals who were assessing the software for potential weaknesses. They found that it was possible to inject SQL queries into the application’s database, which could lead to privileged access to the environment. If exploited, this vulnerability could allow an attacker to take over the system, access sensitive data, and cause significant damage to the targeted organization.

Previously discovered vulnerabilities were exploited by the Clop ransomware gang

This latest vulnerability follows two previous SQL injection vulnerabilities that were disclosed by Progress Software in July 2021. These vulnerabilities were also exploited by the Clop ransomware gang, who used them to steal data from the customers of the software.

The Clop actors have listed the names of 27 companies that they claim were hacked using the MOVEit Transfer flaw on their darknet leak portal, including multiple US federal agencies. This highlights the critical need for timely patching and robust security measures to protect against such threats.

Statistics on the industry and location of exposed hosts running MOVEit

According to Censys, a web-based search platform for assessing the attack surface of internet-connected devices, nearly 31% of over 1,400 exposed hosts running MOVEit are in the financial services industry. This suggests that attackers are targeting organizations with high-value data and assets.

Additionally, nearly 80% of the servers running MOVEit are based in the US, according to Censys. This further underscores the urgency of taking steps to secure the software against attacks.

Analysis of ransomware attacks compared to other types of malware

According to a recent analysis by Kaspersky, ransomware leads with a 58% share, followed by information stealers (24%), and botnets, loaders, and backdoors (18%). This highlights the growing risk of ransomware attacks and emphasizes the need for organizations to adopt robust security measures to protect against them.

Increased Accessibility of MaaS Schemes for Attackers

One factor that is contributing to the rise of ransomware attacks is the increasing accessibility of malware-as-a-service (MaaS) schemes. MaaS allows less technically proficient attackers to enter the fray, thereby lowering the bar for carrying out such attacks.

The revelation of a new vulnerability in Progress Software’s MOVEit Transfer application underscores the need for timely patching and adoption of robust security measures. With the Clop ransomware gang already exploiting previous vulnerabilities in the software, the risk of data breaches and system takeovers is high. Organizations should disable all HTTP and HTTPs traffic to MOVEit Transfer on ports 80 and 443 and implement additional security measures to protect against possible attacks.

Explore more

Ethereum Eyes $1,800 as Buterin Unveils Lean Roadmap

Digital asset markets often react violently to technical shifts, but the recent strategic pivot outlined by Vitalik Buterin has sparked a more calculated sense of optimism across the global decentralized finance ecosystem. The Ethereum network is currently navigating a pivotal transition phase where the complexity of past upgrades is being replaced by a streamlined vision designed to reduce hardware requirements

AI Transforms the Frontline Employee Lifecycle

High turnover in retail and manufacturing industries is often the direct result of systemic failure and fragmented technology rather than individual performance or a lack of motivation. In environments where every minute spent off the floor impacts the bottom line, a worker who cannot access their schedule or find a safety manual quickly becomes a significant flight risk. This phenomenon,

Can Your Android Device Run a Full Linux Desktop?

The modern smartphone possesses more raw computational power than the professional workstations that once powered global space exploration, yet its potential remains confined within a mobile interface. Android, while built on the robust Linux kernel, serves as a specialized environment that prioritizes touch interaction and energy efficiency over the versatile multitasking capabilities found in a traditional desktop setup. This inherent

Can Windows 11 Cloud Rebuild Replace Your Recovery USB?

The sudden failure of a primary operating system often triggers an immediate scramble for physical media, yet the necessity for a bootable USB drive is increasingly being challenged by sophisticated network-based solutions. For years, the gold standard for system recovery involved manual intervention with external hardware, which frequently contained outdated builds of Windows that required hours of patching after a

Can UiPath’s AI Strategy Bridge Its Massive Growth Gap?

The enterprise automation landscape has reached a critical juncture where the traditional efficiency gains of robotic process automation are no longer sufficient to satisfy investors who demand hyper-growth fueled by generative artificial intelligence. While UiPath built its empire on the promise of delegating repetitive tasks to software bots, the rapid emergence of agentic AI has forced a fundamental redesign of