Third Vulnerability Discovered in MOVEit Transfer App During Cl0p Ransomware Attack Wave

New Cybersecurity Vulnerability Discovered in MOVEit Transfer Application

Progress Software announced on Thursday that a newly identified security vulnerability, tracked as CVE-2023-35708, affects its MOVEit Transfer application. This revelation comes amidst ongoing cyber extortion efforts by the Cl0p ransomware group, targeting various companies utilizing this application. The vulnerability presents an SQL injection risk, which could allow an unauthorized user to gain elevated privileges and access sensitive areas of the system.

In light of this finding, Progress Software is advising its customers to halt all HTTP and HTTPS traffic on ports 80 and 443 to their MOVEit Transfer services. This precautionary measure is intended to protect their systems as the company develops a patch to remediate this flaw. Notably, the managed file transfer solution used in cloud environments has already been secured against this vulnerability.

The current flaw adds to a series of SQL injection vulnerabilities disclosed just a week earlier, classified under CVE-2023-35036. This prior issue could also facilitate unauthorized access to the application’s database, thereby raising significant concerns over data security. Furthermore, vulnerabilities already exploited by the Cl0p gang, such as CVE-2023-34362, have demonstrated the potential for devastating data breaches.

The timing of this disclosure is critical, as Cl0p recently revealed the identities of 27 organizations purportedly compromised through MOVEit Transfer flaws. Reports indicate that several federal agencies, including the U.S. Department of Energy, may be among those affected. This breach highlights an alarming trend of cybercriminals effectively leveraging existing vulnerabilities to execute high-stakes attacks.

Research from Censys indicates that of over 1,400 exposed MOVEit hosts, a substantial portion—31%—are connected to the financial services sector, while the healthcare, IT, and government/military sectors represent 16%, 9%, and 8%, respectively. This data emphasizes the widespread exposure of various critical industries, with nearly 80% of the servers located within the United States.

Kaspersky’s findings illustrate the threat landscape, revealing that ransomware accounts for 58% of malware families identified between 2015 and 2022, with information stealers and other types of malicious software closely following. The proliferation of malware-as-a-service (MaaS) models has further lowered entry barriers for potential cybercriminals, increasing the risk of future incidents.

In response to the newly discovered vulnerability, Progress Software has deployed patches for affected versions: 2020.1.10, 2021.0.8, 2021.1.6, 2022.0.6, 2022.1.7, and 2023.0.3. The company emphasized the importance of immediate updates and cautioned against unauthorized access attempts. It is crucial for businesses relying on MOVEit Transfer to take these warnings seriously to mitigate risks associated with potential cyber-attacks.

This incident serves as a stark reminder of the persistent threats posed by sophisticated adversaries operating in cyberspace. By utilizing tactics that align with the MITRE ATT&CK framework—specifically privilege escalation and initial access—these actors continue to compromise sensitive information and disrupt operational integrity across industries. Business owners must remain vigilant and proactive in their cybersecurity measures to protect against such evolving threats.
