MOVEit Transfer hack fallout: BBC, Aer Lingus, Boots among the victims
2023-06-06 10:37

The fallout of the MOVEit Transfer hack via CVE-2023-34362 by the Cl0p gang is expanding, as several UK-based companies have now confirmed that some of their data has been stolen.

Caitlin Condon, Senior Manager of Security Research at Rapid7, told Help Net Security that the company has responded to MOVEit Transfer alerts across a wide range of organizations, from small businesses to enterprises with tens of thousands of assets.

Other criminal groups may follow Cl0p's lead. As we previously reported, there are fixes and mitigations available for MOVEit Transfer customers, but every organization that had MOVEit Transfer's web interface exposed on the internet in the last 30 days is likely to find evidence of compromise.

Wicus Ross, Senior Security Researcher at Orange Cyberdefense, Europe's largest MSSP, says it's no surprise that software like MOVEit Transfer is targeted, as it's designed to be exposed to the internet and is widely used by organizations located in the US and Europe.

"Around 1,500 servers running the software can currently be identified on the Internet. This vulnerability is simple to exploit, so we would expect that many of these servers are already compromised, and many more victims are likely to follow," he told Help Net Security.

"Writing secure software can inflate costs for a vendor, which may disadvantage it in the market, so shortcuts are often taken. This is how 'security debt' is accrued and passed on down the software supply chain. Any time a vendor makes a deliberate security compromise, or honest security mistake, the victims of a resulting cybersecurity incident will have to absorb the costs. This repeating pattern is causing growing frustration for businesses and security professionals," he added.

Related Vulnerability

2023-06-02 | CVE-2023-34362 | SQL injection vulnerability in Progress MOVEit Cloud and MOVEit Transfer
In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database.
low complexity | Progress | CWE-89