Rising Cyber Threats: Uncovering the Third MOVEit Transfer Vulnerability and Cl0p Gang’s Extortion Methods

The recent disclosure of a new vulnerability impacting Progress Software’s MOVEit Transfer application has highlighted the critical need for robust security measures and timely patching. The revelation comes at a time when the Clop ransomware gang has been exploiting multiple vulnerabilities in the software to target a wide range of organizations, including US federal agencies.

In this article, we will examine the details of the newly disclosed vulnerability and its potential impact, as well as the previous vulnerabilities exploited by the Clop ransomware gang. Additionally, we will look at statistics on the industry and location of exposed hosts running MOVEit and analyze the prevalence of different types of malware, including ransomware.

Progress Software’s Third Vulnerability Disclosure

Progress Software recently disclosed a third vulnerability impacting its MOVEit Transfer application. This time, the vulnerability is an SQL injection vulnerability that “could lead to escalated privileges and potential unauthorized access to the environment.”

The company has urged customers to disable all HTTP and HTTPS traffic to MOVEit Transfer on ports 80 and 443 to safeguard their environments while a patch is being prepared. The urgency of this recommendation is compounded by the fact that the Clop ransomware gang has already been exploiting vulnerabilities in the software.

Details of the new SQL injection vulnerability and potential impact

The new SQL injection vulnerability could have serious consequences for affected organizations. SQL injection attacks are among the most common and damaging types of attacks. They can lead to data breaches, data loss, and even system takeover.

The vulnerability was discovered by security professionals who were assessing the software for potential weaknesses. They found that it was possible to inject SQL queries into the application’s database, which could lead to privileged access to the environment. If exploited, this vulnerability could allow an attacker to take over the system, access sensitive data, and cause significant damage to the targeted organization.

Previously discovered vulnerabilities were exploited by the Clop ransomware gang

This latest vulnerability follows two previous SQL injection vulnerabilities that were disclosed by Progress Software in July 2021. These vulnerabilities were also exploited by the Clop ransomware gang, who used them to steal data from the customers of the software.

The Clop actors have listed the names of 27 companies that they claim were hacked using the MOVEit Transfer flaw on their darknet leak portal, including multiple US federal agencies. This highlights the critical need for timely patching and robust security measures to protect against such threats.

Statistics on the industry and location of exposed hosts running MOVEit

According to Censys, a web-based search platform for assessing the attack surface of internet-connected devices, nearly 31% of over 1,400 exposed hosts running MOVEit are in the financial services industry. This suggests that attackers are targeting organizations with high-value data and assets.

Additionally, nearly 80% of the servers running MOVEit are based in the US, according to Censys. This further underscores the urgency of taking steps to secure the software against attacks.

Analysis of ransomware attacks compared to other types of malware

According to a recent analysis by Kaspersky, ransomware leads with a 58% share, followed by information stealers (24%), and botnets, loaders, and backdoors (18%). This highlights the growing risk of ransomware attacks and emphasizes the need for organizations to adopt robust security measures to protect against them.

Increased Accessibility of MaaS Schemes for Attackers

One factor that is contributing to the rise of ransomware attacks is the increasing accessibility of malware-as-a-service (MaaS) schemes. MaaS allows less technically proficient attackers to enter the fray, thereby lowering the bar for carrying out such attacks.

The revelation of a new vulnerability in Progress Software’s MOVEit Transfer application underscores the need for timely patching and adoption of robust security measures. With the Clop ransomware gang already exploiting previous vulnerabilities in the software, the risk of data breaches and system takeovers is high. Organizations should disable all HTTP and HTTPs traffic to MOVEit Transfer on ports 80 and 443 and implement additional security measures to protect against possible attacks.

Explore more

Can a Unified ERP System Future-Proof Levi Strauss?

Establishing a seamless digital environment for a brand that spans over a hundred nations is a monumental undertaking that requires more than just standard software updates. Currently, Levi Strauss & Co. is navigating a profound transformation of its digital infrastructure, aiming for a mid-2027 completion of a fully integrated global enterprise resource planning system. This strategic overhaul is not merely

Ethereum Faces $10 Billion Liquidation Risk Near $2,000

The current trajectory of Ethereum suggests a massive collision between aggressive retail speculation and sophisticated institutional sell-side pressure as the asset hovers near the $2,000 psychological threshold. This specific price point has historically served as a pivot for broader market sentiment, influencing the behavior of various decentralized finance protocols and secondary layer-two scaling solutions. Currently, the market exhibits a state

Stalled Windows 11 Migration Poses Growing Security Risks

The global landscape of enterprise computing is currently grappling with a persistent digital divide as a significant segment of users continues to rely on Windows 10 despite the availability of more secure alternatives. The current ecosystem of digital infrastructure remains tethered to legacy architecture, with recent telemetry indicating that approximately one in six workstations worldwide continues to operate on Windows

Is Agentic AI the Key to Scaling Enterprise Automation?

Large-scale enterprises are currently grappling with a fundamental paradox where significant investments in artificial intelligence have yielded impressive pilot results but failed to trigger a broader systemic transformation across their global operations. While many organizations have successfully experimented with various AI models in specific silos, they often struggle to scale these technologies effectively across their complex, interconnected departments. This disconnect

VodafoneThree Drives 5G Innovation With Network Automation

The rapid expansion of 5G Standalone infrastructure across the United Kingdom has necessitated a fundamental shift in how telecommunications giants manage the increasing complexity of modern cellular traffic. As VodafoneThree consolidates its dominant market position throughout 2026, the implementation of sophisticated network automation tools has transitioned from a competitive advantage to an absolute operational necessity. By moving away from legacy