Malicious hackers target vulnerable file-transfer tool
Progress Software Corp. is warning of a critical software vulnerability in its popular file-transfer software that could give malicious actors unauthorized access to customers' networks.
Why it matters: Roughly 2,500 instances of Progress's MOVEit file-transfer tool are believed to be running online, and malicious hackers are already exploiting the newly discovered security flaw in it.
- File-transfer tools like MOVEit have been popular targets for ransomware groups and other cybercriminal organizations in recent years, according to security vendor Rapid7.
Threat level: Several companies and cybersecurity investigators are already investigating cases where hackers have exploited the vulnerability.
- Charles Carmakal, chief technology officer at Google-owned Mandiant, said in a statement that his company is already investigating "several intrusions related to the exploitation" of MOVEit.
- Huntress, a software vendor popular with small to medium-sized businesses, said in a blog post it's identified fewer than 10 organizations running this tool in its customer base, and one of them has seen a "full attack chain" already.
The big picture: Critical vulnerabilities such as the new MOVEit one are known as "zero days," which means organizations have zero days between their discovery and hackers being able to target them if there's no solution.
- Organizations that use the tools should be prepared to face potential data extortion and theft, Carmakal added in his statement.
The intrigue: It remains unclear who is behind the attack, and, thus far, no criminal groups have started extorting victims whose data has been stolen on the dark web, according to a BleepingComputer report.
Be smart: Progress has since released fixes for the affected versions of MOVEit, and the company recommends customers disable any web traffic to the program until they're able to apply the patches.
Sign up for Axios’ cybersecurity newsletter Codebook here