Progress Software Says New Vulnerabilities Are Unrelated to Zero Day Used by Clop
The company behind the MOVEit managed file transfer application is urging customers into a new round of emergency patching after identifying additional vulnerabilities.
Progress Software in a Friday update said it identified additional SQL injection vulnerabilities allowing attackers access to the MOVEit transfer database. “These newly discovered vulnerabilities are distinct from the previously reported vulnerability,” it wrote.
Likely hundreds of customers have already been affected by a SQL zero day the company patched on May 31, tracked as CVE-2023-34362.
The Clop ransomware-as-a-service group says it orchestrated the attacks. The Russian-speaking gang has threatened to begin naming victims starting Wednesday (see: Clop Ransomware Gang Asserts It Hacked MOVEit Instances).
The Massachusetts company, whose products are popular with the government, health and education sectors, says the newly identified vulnerability doesn’t yet have a CVE assigned to it. It allows an attacker to “submit a crafted payload to a MOVEit Transfer application endpoint which could result in modification and disclosure of MOVEit database content.”
Cyber risk company Kroll says Clop may have started experimenting with how to exploit CVE-2023-34362 as early as 2021.
The assertion comes from logs showing automated scanning of MOVEit instances, including some emanating from IP addresses with the same network ID as known Clop addresses or an address previously attributed to Clop. The scans, says Kroll, scraped the unique identifier associated with each file transfer software customer. Log analysis found an instance of the scans occurring in July 2021.
“These findings highlight the significant planning and preparation that likely precede mass exploitation events,” Kroll says.
Clop is behind other high-profile attacks on file transfer applications, including Accellion’s File Transfer Appliance and GoAnywhere Managed File Transfer, made by Fortra (see: Fortra Hacker Installed Tools on Victim Machines).