MOVEit
Developer(s) | Ipswitch, Inc. (Now part of Progress Software) |
---|---|
MOVEit is a managed file transfer software product produced by Ipswitch, Inc. (now part of Progress Software).[3] MOVEit encrypts files and uses file transfer protocols such as FTP(S) or SFTP to transfer data, as well as providing automation services, analytics and failover options.[3][4] The software has been used in the healthcare industry by companies such as Rochester Hospital[5] and Medibank,[6] as well as thousands of IT departments in high technology, government, and financial service companies like Zellis.[7]
History
MOVEit was released in 2002 by Standard Networks.[8] In 2006, the company released integration between MOVEit and antivirus software to stop the transfer of infected files.[9]
Ipswitch acquired MOVEit in 2008 when the company purchased Standard Networks.[10] MOVEit Cloud was announced in 2012 as cloud-based file transfer management software.[11] MOVEit Cloud was the first enterprise-class cloud managed file transfer software. It is scalable and can share files system-to-system, with groups, or person-to-person.[12]
In 2013, MOVEit clients were released for the iOS and Android platforms. The release included a configuration wizard, as well as email encryption.[3][13]
Ipswitch Analytics was released in 2015 to monitor and report data through the MOVEit software. The analytic data includes an activity monitor and automated report creation. Ipswitch Analytics can access data from MOVEit file transfer and automation servers.[14][15] That same year, Ipswitch Failover was released. The software can return recovery point objectives (RPO) in seconds with a recovery time objective (RTO) of less than a minute, which increases the availability of MOVEit.[16]
2023 data breach
On 31 May 2023, Progress reported a SQL injection vulnerability in MOVEit Transfer and MOVEit Cloud (CVE-2023-34362). The vulnerability was widely exploited in late May 2023.[17] The 31 May vulnerability allows an attacker to access MOVEit Transfer's database from its web application without authenticating. The attacker may then be able to execute SQL statements that alter or delete entries in the database, and infer information about the structure and contents of the database.[18][19] Data exfiltration in the widespread May-June attacks by the Russian-speaking cyber crime group Cl0p may have been primarily focused on data stored using Microsoft Azure.[20] Upon discovery, Progress launched an investigation, alerted its customers to the issue and provided mitigation steps (blocking all HTTP and HTTPS traffic to MOVEit), followed by the development and release of a security patch.[21] On 15 June, another vulnerability that could lead to unauthorized access became public (CVE-2023-35708).[22]
In 2023, it was published that the 31 May 2023 zero-day vulnerability had been exploited by attackers.[23] On 7 June 2023, cyber gang Clop, believed to be Russian-based, published a blog post saying that they had gained access to MOVEit transactions worldwide, and that organisations using MOVEit had until 14 June to contact Clop and pay a ransom, otherwise stolen information would be published. The stolen details typically include payroll data with fields such as home addresses, National Insurance numbers, and bank details, but vary. The group said that they had information from eight UK organisations including the BBC, derived by an attack on payroll services provider Zellis. It was surmised that contact via blog post rather than email to victims might be due to the enormous number of victims, too many to handle individually.[24]
Response
The MOVEit team has worked with industry experts to investigate the May 31 incident. The Cybersecurity and Infrastructure Security Agency (CISA),[25] CrowdStrike,[26] Mandiant,[27] Microsoft,[28] Huntress[29] and Rapid7[30] have assisted with incident response and ongoing investigations.[31] Cyber industry experts have credited the MOVEit team for its response and handling of the incident by quickly providing patches, as well as regular and informative advisories that helped support rapid remediation.[32][33][34] Despite the attempts by the company to remediate the vulnerabilities, hundreds of companies across the world had exorbitant amounts of confidential information stolen due to the weaknesses in the software. The effects of the MOVEit breach are still being revealed as of November 2023. It is estimated that the stolen data will be abused for many years to come.
References
1. https://docs.progress.com/bundle/moveit-transfer-release-notes-2023/page/Whats-New-in-MOVEit-Transfer-2023.html
2. https://docs.progress.com/bundle/moveit-automation-release-notes-2023/page/Whats-New-in-MOVEit-Automation-2023.html
3. Alex Woodie (September 24, 2013). "Ipswitch Adds iOS and Android Clients to MFT Suite". IT Jungle. Retrieved July 20, 2016.
4. "Managed File Transfer Software - MOVEit MFT - Ipswitch". www.ipswitch.com. Retrieved 2023-07-23.
5. "Rochester General Hospital MOVEit Case Study". HealthData Management. Retrieved July 20, 2016.
6. Chris Player (November 13, 2014). "Medibank employs Ipswitch MOVEit MFT". ARN. Retrieved July 20, 2016.
7. "Ipswitch launches new tools to protect critical and confidential date". TYN Channel. January 4, 2016. Retrieved July 20, 2016.
8. "Standard Networks releases secure transfer client". WTN News. March 24, 2004. Retrieved July 20, 2016.
9. "MOVEit Central File Transfer Management Offers Real-Time". Business Wire. April 18, 2006. Retrieved July 20, 2016.
10. Tom Jowitt (February 19, 2008). "Ipswitch gets compliance with Standard Networks buy". Network World. Retrieved July 20, 2016.
11. Brandon Butler (November 13, 2012). "File transfer systems adapting to today's cloudy conditions". Network World. Retrieved July 20, 2016.
12. "Ipswitch FIlp Transfer Launches MOVEit Cloud & MOVEit Ad Hoc Transfer". Compliance Week. November 6, 2012. Retrieved July 20, 2016.
13. Chris Talbot (November 15, 2015). "Ipswitch Adds Mobile Support to MOVEit Cloud 8.0". Talkin Cloud. Retrieved July 20, 2016.
14. Nathan Eddy (June 8, 2015). "Ipswitch Analytics Offers Auditable File Transfers". eWeek. Retrieved July 20, 2016.
15. Kathrin Jannot (April 4, 2016). "MOVEit organized file transfers from a single interface". Cyber Press. Retrieved July 20, 2016.
16. "Ipswitch Delivers Zero Downtime and No Data Loss with New Failover Solution for Managed File Transfer". APM Digest. September 23, 2015. Retrieved July 20, 2016.
17. Arghire, Ionut (2023-06-19). "MOVEit Customers Urged to Patch Third Critical Vulnerability". SecurityWeek. Retrieved 2023-06-19.
18. "NVD - CVE-2023-34362". nvd.nist.gov. Retrieved 2023-06-19.
19. "MOVEit Transfer and MOVEit Cloud Vulnerability". 5 July 2023.
20. Goodin, Dan (2023-06-06). "Mass exploitation of critical MOVEit flaw is ransacking orgs big and small". Ars Technica. Retrieved 2023-06-19.
21. "Progress Customer Community". community.progress.com. Retrieved 2023-06-19.
22. "Progress Customer Community". community.progress.com. Retrieved 2023-06-19.
23. Page, Carly (2023-06-02). "Hackers launch another wave of mass-hacks targeting company file transfer tools". TechCrunch. Retrieved 2023-06-04.
24. Tidy, Joe (7 June 2023). "BBC, BA and Boots issued with ultimatum by cyber gang Clop". BBC News. Retrieved 7 June 2023.
25. "#StopRansomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability". June 7, 2023. Retrieved June 7, 2023.
26. Lioi, Tyler; Palka, Sean (June 5, 2023). "Movin' Out: Identifying Data Exfiltration in MOVEit Transfer Investigations". Retrieved June 5, 2023.
27. Zaveri, Nader; Kennelly, Jeremy; Stark, Genevieve (June 2, 2023). "Zero-Day Vulnerability in MOVEit Transfer Exploited for Data Theft". Retrieved June 2, 2023.
28. "Attack Surface: CVE-2023-34362 MOVEit Transfer Zero-Day Exploitation (May 2023)". June 4, 2023. Retrieved June 4, 2023.
29. Hammond, John (June 1, 2023). "MOVEit Transfer Critical Vulnerability CVE-2023-34362 Rapid Response". Retrieved June 1, 2023.
30. Condon, Caitlyn (June 1, 2023). "Rapid7 Observed Exploitation of Critical MOVEit Transfer Vulnerability". Retrieved June 1, 2023.
31. Kapko, Matt (June 14, 2023). "MOVEit mass exploit timeline: How the file-transfer service attacks entangled victims". Retrieved June 26, 2023.
32. Starks, Tim (June 7, 2023). "Cyberdefenders respond to hack of file-transfer tool". The Washington Post. Retrieved June 7, 2023.
33. "Inside the MOVEit Attack: Decrypting Clop's TTPs and Empowering Cybersecurity Practitioners". July 4, 2023. Retrieved July 4, 2023.
34. Stone, Noah (July 20, 2023). "New research reveals rapid remediation of MOVEit Transfer vulnerabilities". BitSight. Retrieved July 20, 2023.