One Article Review

Home - The article:
Source: Anomali
Identifier: 8346382
Publication date: 2023-06-17 01:48:00 (viewed: 2023-06-17 03:06:16)
Title: Are you ready for MOVEit?
Text

Background

Multiple vulnerabilities have recently been identified in the managed file transfer (MFT) software MOVEit, developed by Ipswitch, Inc. and produced by Progress Software. These include CVE-2023-34362 [1], CVE-2023-35036 [2] and CVE-2023-35708 [3]. These vulnerabilities allow adversaries to gain unauthorized access and escalate privileges in the environment.

MOVEit is a popular tool used by thousands of organizations around the world, including organizations in the public, private, and government sectors. The transfer software can be deployed on-prem, in the MOVEit Cloud, or on any Microsoft Azure server. Because it handles potentially sensitive information, MOVEit is a lucrative target from a threat actor's perspective: a successful compromise grants threat actors the ability to add and remove database content, execute arbitrary code, and steal sensitive information.

What do we know about the exploits?

While this story is still actively playing out and we will know the final count only in the coming weeks, here is what we know about it thus far.

The CL0p ransomware gang has been actively exploiting this vulnerability and has claimed to have compromised dozens of organizations across different industries and regions. These include oil & gas, news & media, healthcare, financial services, state and federal governments, and more. Anomali's own assessment has shown that there are thousands of externally exposed MOVEit instances that could potentially be exploited.

Additional public research has revealed that this vulnerability may have been actively exploited since as early as 2021 [4]. More recently, organizations have also released proof of concept (PoC) exploit code for this vulnerability [5], making it likely that other attackers could exploit unpatched systems.

[Figure: Anomali MOVEit Vulnerability Dashboard]

The Anomali Threat Research team has additionally researched and documented further details on this vulnerability via a Threat Bulletin. The team has also identified over 430 relevant indicators and signatures and several sector-specific articles to provide more industry-specific details. The dashboard above highlights some of the insights available to Anomali customers via ThreatStream.

What can you do about it?

There are several important steps to reduce the impact of this vulnerability, some of which are also documented in Progress' knowledge base article [6]:

1. Discover your attack surface. There are several tools that offer this capability, including Anomali Attack Surface Management [7].
2. Patch the vulnerable systems as early as possible. The Progress knowledge base article [6] captures this in the following steps:
   a. Disable HTTP/S traffic to your MOVEit Transfer environment.
   b. Patch the vulnerable systems.
   c. Enable HTTP/S access to the MOVEit Transfer environment.
3. Monitor your environment for any known indicators to identify malicious activities. The Anomali Threat Bulletin captures over 2200 observables that can be used to monitor for malicious activities via a SIEM, firewall, or other technologies. Proactively distribute these indicators to your security controls (firewalls, proxies, etc.) to monitor for any malicious activity.

[Figure: Anomali MOVEit Vulnerability Threat Bulletin]

4. Hunt for any attacker footprints. While monitoring looks forward, hunting a
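Step 3 above (matching bulletin observables against your own telemetry) can be done without a SIEM. The following added example, which is not part of the original article or Anomali's tooling, parses IIS W3C log lines from a MOVEit Transfer host and flags records that hit an indicator list; it assumes MOVEit Transfer is served by IIS, and both the log lines and the indicator values are constructed placeholders (RFC 5737 documentation addresses), not real observables.

```python
"""Match threat-bulletin observables against IIS W3C logs from a MOVEit host."""
from typing import Dict, List

# Constructed sample log (not real traffic). IIS W3C format declares its
# column layout in a "#Fields:" directive, which the parser honours.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2023-06-15 10:02:11 203.0.113.7 GET /human.aspx 200
2023-06-15 10:02:13 198.51.100.9 POST /api/v1/token 401
2023-06-15 10:02:20 203.0.113.7 POST /PLACEHOLDER-webshell.aspx 200
2023-06-15 10:03:01 192.0.2.44 GET /human.aspx 200
"""

# Placeholder observables keyed by W3C field name; in practice these come
# from the threat bulletin feed, not from a hard-coded dict.
INDICATORS: Dict[str, set] = {
    "c-ip": {"203.0.113.7"},
    "cs-uri-stem": {"/PLACEHOLDER-webshell.aspx"},
}


def parse_w3c(text: str) -> List[Dict[str, str]]:
    """Parse W3C extended log lines into dicts keyed by the #Fields names."""
    fields: List[str] = []
    records: List[Dict[str, str]] = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column layout may change mid-file
            continue
        if not line or line.startswith("#"):
            continue  # other directives (#Software, #Date) carry no records
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed line; skip rather than misalign
        records.append(dict(zip(fields, values)))
    return records


def match_indicators(records: List[Dict[str, str]],
                     indicators: Dict[str, set]) -> List[Dict[str, object]]:
    """Return every record whose field values hit an indicator, with the fields that matched."""
    hits: List[Dict[str, object]] = []
    for rec in records:
        matched = [f for f, vals in indicators.items() if rec.get(f) in vals]
        if matched:
            hits.append({**rec, "matched_fields": matched})
    return hits


if __name__ == "__main__":
    for hit in match_indicators(parse_w3c(SAMPLE_LOG), INDICATORS):
        print(hit["date"], hit["time"], hit["c-ip"], hit["cs-uri-stem"], "<-", hit["matched_fields"])
```

Because matching is keyed on the W3C field name, the same indicator dict works unchanged across hosts whose `#Fields:` ordering differs.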
Sent: Yes
Tags: Ransomware, Tool, Vulnerability, Threat
Stories
Rating: ★★
Move


The article does not seem to have been picked up after its publication.

The article does not seem to have been picked up from a previous one.