Security News

British Airways, BBC and Boots have all been served an ultimatum after they were hit with a supply-chain attack by the ransomware group Clop. In February 2023, Clop claimed responsibility for a supply-chain attack that affected more than 130 organizations, including data belonging to CHS Healthcare patients.

Progress Software warned customers today of newly found critical SQL injection vulnerabilities in its MOVEit Transfer managed file transfer solution that can let attackers steal information from customers' databases. "An attacker could submit a crafted payload to a MOVEit Transfer application endpoint which could result in modification and disclosure of MOVEit database content," Progress says in an advisory published today.

The Clop ransomware gang has been looking for ways to exploit a now-patched zero-day in the MOVEit Transfer managed file transfer solution since 2021, according to Kroll security experts. "Kroll observed activity consistent with MOVEit Transfer exploitation that collectively occurred on April 27, 2022; May 15-16, 2023; and May 22, 2023, indicating that actors were testing access to organizations via likely automated means and pulling back information from the MOVEit Transfer servers to identify which organization they were accessing," the report reveals.

The Clop ransomware gang has been looking for ways to exploit a now-patched zero-day in the MOVEit Transfer managed file transfer solution since 2021, according to Kroll security experts. "Kroll observed activity consistent with MOVEit Transfer exploitation that collectively occurred on April 27, 2022; May 15-16, 2023; and May 22, 2023, indicating that actors were testing access to organizations via likely automated means and pulling back information from the MOVEit Transfer servers to identify which organization they were accessing," the report reveals.

MOVEit zero-day exploit used by data breach gangs: The how, the why, and what to do. Amongst the things that they could do would be: finding out the structure of your internal databases, so they know what stored where; perhaps downloading and messing with your data; and, optionally for the crooks, injecting what's known as a webshell.

The U.S. Cybersecurity and Infrastructure Security Agency and Federal Bureau of Investigation have published a joint advisory regarding the active exploitation of a recently disclosed critical flaw in Progress Software's MOVEit Transfer application to drop ransomware. "The Cl0p Ransomware Gang, also known as TA505, reportedly began exploiting a previously unknown SQL injection vulnerability in Progress Software's managed file transfer solution known as MOVEit Transfer," the agencies said.

The Cl0p cyber extortion crew says that the many organizations whose data they have pilfered by exploiting a vulnerability in the MOVEit Transfer solution have until June 14 to get in contact with them - or they will post their name on their dedicated leak page. The Nova Scotia province shared that "The personal information of many employees of Nova Scotia Health, the IWK Health Centre and the public service has been stolen in the MOVEit global cybersecurity breach."

Clop, the ransomware crew that has exploited the MOVEit vulnerability extensively to steal corporate data, has given victims a June 14 deadline to pay up or the purloined information will be leaked. Crucially, to steal the data, Clop exploited a deployment of MOVEit used by payroll services provider Zellis; British Airways et al are customers of Zellis, so when Clop broke into the payroll company's IT systems, the miscreants were able to snatch valuable employee data belonging to a host of orgs.

MOVEit is managed file transfer software from Progress, an application development and digital experience technologies provider. Aspx is the native file used by MOVEit Transfer for its web interface.

The fallout of the MOVEit Transfer hack via CVE-2023-34362 by the Cl0p gang is expanding, as several UK-based companies have now confirmed that some of their data has been stolen. Caitlin Condon, Senior Manager of Security Research at Rapid7, told Help Net Security that the company has responded to MOVEit Transfer alerts across a wide range of organizations, from small businesses to enterprises with tens of thousands of assets.