Rising Cyber Threats: Uncovering the Third MOVEit Transfer Vulnerability and Cl0p Gang’s Extortion Methods

The recent disclosure of a new vulnerability impacting Progress Software’s MOVEit Transfer application has highlighted the critical need for robust security measures and timely patching. The revelation comes at a time when the Clop ransomware gang has been exploiting multiple vulnerabilities in the software to target a wide range of organizations, including US federal agencies.

In this article, we will examine the details of the newly disclosed vulnerability and its potential impact, as well as the previous vulnerabilities exploited by the Clop ransomware gang. Additionally, we will look at statistics on the industry and location of exposed hosts running MOVEit and analyze the prevalence of different types of malware, including ransomware.

Progress Software’s Third Vulnerability Disclosure

Progress Software recently disclosed a third vulnerability impacting its MOVEit Transfer application. This time, the vulnerability is an SQL injection vulnerability that “could lead to escalated privileges and potential unauthorized access to the environment.”

The company has urged customers to disable all HTTP and HTTPS traffic to MOVEit Transfer on ports 80 and 443 to safeguard their environments while a patch is being prepared. The urgency of this recommendation is compounded by the fact that the Clop ransomware gang has already been exploiting vulnerabilities in the software.

Details of the new SQL injection vulnerability and potential impact

The new SQL injection vulnerability could have serious consequences for affected organizations. SQL injection attacks are among the most common and damaging types of attacks. They can lead to data breaches, data loss, and even system takeover.

The vulnerability was discovered by security professionals who were assessing the software for potential weaknesses. They found that it was possible to inject SQL queries into the application’s database, which could lead to privileged access to the environment. If exploited, this vulnerability could allow an attacker to take over the system, access sensitive data, and cause significant damage to the targeted organization.

Previously discovered vulnerabilities were exploited by the Clop ransomware gang

This latest vulnerability follows two previous SQL injection vulnerabilities that were disclosed by Progress Software in July 2021. These vulnerabilities were also exploited by the Clop ransomware gang, who used them to steal data from the customers of the software.

The Clop actors have listed the names of 27 companies that they claim were hacked using the MOVEit Transfer flaw on their darknet leak portal, including multiple US federal agencies. This highlights the critical need for timely patching and robust security measures to protect against such threats.

Statistics on the industry and location of exposed hosts running MOVEit

According to Censys, a web-based search platform for assessing the attack surface of internet-connected devices, nearly 31% of over 1,400 exposed hosts running MOVEit are in the financial services industry. This suggests that attackers are targeting organizations with high-value data and assets.

Additionally, nearly 80% of the servers running MOVEit are based in the US, according to Censys. This further underscores the urgency of taking steps to secure the software against attacks.

Analysis of ransomware attacks compared to other types of malware

According to a recent analysis by Kaspersky, ransomware leads with a 58% share, followed by information stealers (24%), and botnets, loaders, and backdoors (18%). This highlights the growing risk of ransomware attacks and emphasizes the need for organizations to adopt robust security measures to protect against them.

Increased Accessibility of MaaS Schemes for Attackers

One factor that is contributing to the rise of ransomware attacks is the increasing accessibility of malware-as-a-service (MaaS) schemes. MaaS allows less technically proficient attackers to enter the fray, thereby lowering the bar for carrying out such attacks.

The revelation of a new vulnerability in Progress Software’s MOVEit Transfer application underscores the need for timely patching and adoption of robust security measures. With the Clop ransomware gang already exploiting previous vulnerabilities in the software, the risk of data breaches and system takeovers is high. Organizations should disable all HTTP and HTTPs traffic to MOVEit Transfer on ports 80 and 443 and implement additional security measures to protect against possible attacks.

Explore more

U.S. Labor Market Stagnates Amid Layoffs and AI Impact

As the U.S. economy navigates a complex web of challenges, a troubling trend has emerged in the labor market, with stagnation casting a shadow over job growth and stability, while recent data reveals a significant drop in hiring plans despite a decline in monthly layoffs. This paints a picture of an economy grappling with uncertainty. Employers are caught between rising

Onsite Meetings Drive Success with Business Central

In an era where digital communication tools dominate the business landscape, the enduring value of face-to-face interaction often gets overlooked, yet it remains a powerful catalyst for effective technology implementation. Imagine a scenario where a company struggles to integrate a complex system like Microsoft Dynamics 365 Business Central, grappling with inefficiencies that virtual meetings fail to uncover. Onsite visits, where

Balancing AI and Human Touch in Modern Staffing Practices

Imagine a hiring process where algorithms sift through thousands of resumes in seconds, matching candidates to roles with uncanny precision, yet when it comes time to seal the deal, a candidate hesitates—not because of the job, but because they’ve never felt a genuine connection with the recruiter. This scenario underscores a critical tension in today’s staffing landscape: technology can streamline

How Is AI Transforming Search and What Must Leaders Do?

Unveiling the AI Search Revolution: Why It Matters Now Imagine a world where a single search query no longer starts with typing keywords into a familiar search bar, but instead begins with a voice command, an image scan, or a conversation with an AI assistant that anticipates needs before they are fully articulated. This is not a distant vision but

Why Is Explainable AI Crucial for Regulated Industries?

Unveiling the Transparency Challenge in AI-Driven Markets In 2025, imagine a healthcare provider relying on an AI system to diagnose a critical condition, only to face a regulatory inquiry because the decision-making process remains a mystery, highlighting a pressing challenge in regulated industries like healthcare, finance, and criminal justice. The lack of transparency in AI systems poses significant risks to