Hackers attacking company file transfer tools — Report



Security researchers are sounding the alarm after hackers were caught exploiting a newly discovered vulnerability in a popular file transfer tool used by thousands of organizations to launch a new wave of mass data exfiltration attacks.

According to TechCrunch, the vulnerability affects the MOVEit Transfer managed file transfer (MFT) software developed by Ipswitch, a subsidiary of U.S.-based Progress Software, which allows organizations to share large files and datasets over the internet.

Progress recently confirmed that it had discovered a vulnerability in MOVEit Transfer that “could lead to escalated privileges and potential unauthorized access to the environment,” and urged users to disable internet traffic to their MOVEit Transfer environment.

Patches are available and Progress is urging all customers to apply them urgently.

U.S. cybersecurity agency CISA is also urging U.S. organizations to follow Progress’ mitigation steps, apply the necessary updates and hunt for any malicious activity.

Corporate file-transfer tools have become an increasingly attractive target for hackers, as finding a vulnerability in a popular enterprise system can allow the theft of data from multiple victims.

Jocelyn VerVelde, a spokesperson for Progress via an outside public relations agency, declined to say how many organizations use the affected file transfer tool, though the company’s website states that the software is used by “thousands of organizations around the world.”

Shodan, a search engine for publicly exposed devices and databases, reveals more than 2,500 MOVEit Transfer servers discoverable on the internet, most of which are located in the United States, as well as the U.K., Germany, the Netherlands, and Canada.

The vulnerability also impacts customers who rely on the MOVEit Transfer cloud platform, according to security researcher Kevin Beaumont. At least one exposed instance is connected to the U.S. Department of Homeland Security, and several “big banks” are also believed to be affected MOVEit customers, according to Beaumont.

Several security companies say they have already observed evidence of exploitation.

Mandiant said it is investigating “several intrusions” related to the exploitation of the MOVEit vulnerability.
