by Heather Noggle, UniteNews Contributing Writer
MOVEit seems like an exercise program.
Instead, it’s a file transfer software that helps companies – and governments – automate file transfers. Think Dropbox to automatically send things here and there securely and on schedule.
MOVEit’s the product of Ipswitch, or Progress Software. Ipswitch has built file transfer software for many, many years.
Three related vulnerabilities were found within the software and how it communicates with the database. Attackers could modify the data sent in that interacted with the database and gain control of the software. This type of attack is called SQL injection. MOVEit quickly released fixes for each of these, but many organizations will be slow to apply these fixes, and damage has already been done. Attackers gain control, remove data, and can encrypt files if they’re not caught early. Ransomware.
What does this mean to us?
MOVEit’s customers are wide-ranging, and they include the State of Missouri. Cybercriminals may have – through these vulnerabilities – breached the data State of Missouri – and many other municipal, state, and federal government departments, exfiltrating data about citizens. On June 13, MO.gov issued a statement that’s on its website. There’s an ongoing investigation with no results posted yet. This is typical, as the researcher must assume there’s a breach and attempt to discover when it happened and what was taken, and, from that, who was affected. The CLOp group also claimed they hit the University of Missouri system.
Several more weeks may pass before Missourians know what happened in these attacks.
The news about this has been sparse for how many people are likely affected. The group claiming responsibility for the attacks is named CLOp (C, L, O, little p). That’s enough to research further. If you search CLOp and MoveIt, you’ll find a broad range of targets and a long list of them. A late June article by the website Cyberclan claims the group is likely Russian and motivated by money.
CLOp also struck software GoAnywhere earlier this year, another file transfer program company. This attack brought local implications through a healthcare provider here in Springfield whose administration company uses the GoAnywhere software.
Secure what you can of your own private data. Businesses and governments are striving to be better at doing their part, as the need is clear.
