Executive summary

A few days ago, a critical flaw in file transfer software Moveit was exploited, and millions could be impacted. The flaw (CVE-2023-34362) is under active exploitation, with the recent announcement of breaches against UK Payroll provider Zellis, who support services to hundreds of services in the UK. The breach against Zellis has further impacted companies that use Zellis, including the BBC, major UK airline British Airways and major UK retailer, Boots. In addition, the US Government’s Cybersecurity and Infrastructure Agency (CISA)  has ordered agencies to patch the flaw.

What’s the risk to me or my business?

The flaw, which has been linked by Microsoft to Lace Tempest, known for ransomware operations & running the Clop extortion site, is being used to exfiltrate data, impacting the confidentiality, integrity and availability of the data an organisation holds. Exploitation of the flaw allows a successful threat actor to gain unauthenticated, remote access to the MOVEit database, allow them to execute code.

Technical Summary:

CVE-2023-34362 – A SQL injection vulnerability in the MOVEit Transfer web application which if exploited, could allow unauthorised access to MOVEit Transfer’s database.

The table below has been taken from MOVEit’s security bulletin:

What can I do?

It is important that organisations not only consider themselves and whether they are using MOVEit Transfer software, but also whether any of their suppliers are using it. In both cases, the relevant fixed version should be installed.

The breaches further reinforce the importance of the supply chain and the impact it can have on organisations. It’s not just about your own security, but also any provider who your organisation uses.

Further details the patch can be found here:

https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity