Threat Alert: MOVEit Transfer Exploit
Threat Alert: CVE-2023-34362
MOVEit Transfer Vulnerability
On 06.05.2023, the Clop ransomware group publicly claimed responsibility for exploiting a zero-day vulnerability in the MOVEit Transfer secure file transfer web application (CVE-2023-34362). This critical vulnerability is a SQL injection flaw in the application's web front end; it can be chained to gain administrative access, exfiltrate files, and achieve arbitrary code execution.
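As an added illustration (this is not MOVEit's code or schema, nor the actual CVE-2023-34362 bug), the following Python snippet shows the general SQL injection pattern the alert refers to: a query assembled by string concatenation next to its parameterized equivalent, run against a constructed in-memory SQLite table. The table, column names, and input values are assumptions made for the demo.

```python
import re
import sqlite3

# Constructed in-memory table standing in for a file-transfer app's user store.
# Added example only: not MOVEit's schema and not the real vulnerable code.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, is_admin INTEGER)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "hash-a", 0), ("admin", "hash-admin", 1)],
    )
    return conn

def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    # Vulnerable pattern: untrusted input is spliced into the SQL text, so the
    # database engine cannot distinguish the data from the statement itself.
    sql = f"SELECT username, is_admin FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()

def lookup_parameterized(conn: sqlite3.Connection, username: str) -> list:
    # Hardened pattern: the value is bound separately from the statement and
    # is only ever treated as data, whatever characters it contains.
    sql = "SELECT username, is_admin FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()

# Defense in depth: an allow-list on the input shape, applied before the query.
USERNAME_RE = re.compile(r"^[A-Za-z0-9._-]{1,64}$")

def is_valid_username(username: str) -> bool:
    return USERNAME_RE.fullmatch(username) is not None

if __name__ == "__main__":
    db = make_db()
    # Constructed tautology input: every row comes back from the concatenated query,
    # while the parameterized query correctly finds no user with that literal name.
    probe = "' OR '1'='1"
    print("vulnerable:", lookup_vulnerable(db, probe))
    print("parameterized:", lookup_parameterized(db, probe))
    print("input allowed by validator:", is_valid_username(probe))
```

The takeaway for reviewers of any self-hosted web application is that the database layer, not input filtering alone, is where injection is stopped: parameterized statements make the second function safe regardless of what the validator misses.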
More information on the specifics of this exploit and the steps to remediate it is linked below, along with current best-practice notes from our Quadrant Threat Analyst team:
- CISA: CL0P Ransomware Exploits CVE-2023-34362 MOVEit Vulnerability
- Huntress: MOVEit Transfer Vulnerability Rapid Response
- Progress: MOVEit Transfer Vulnerability Remediation
Quadrant Security Notes / Recommendations
- Although no one can predict when a zero-day will be discovered or disclosed, forwarding security-relevant logs to your MDR provider and having them monitored gives you an edge in detection and investigation should a breach occur. Historical logs are invaluable for threat hunting, incident response, and zero-day investigations.
- Cloud-based tools are usually patched quickly and managed by the provider; locally hosted versions of the same solutions are not. Staying on top of security updates for any self-hosted tool is paramount to the security of the organization. Beyond the MOVEit exploit, another prime example is Microsoft's locally hosted email solutions (Exchange Server / Outlook), which have had multiple major vulnerabilities, some as recent as this year (CVE-2023-23397).
- Cloud infrastructure without known vulnerabilities is still susceptible to attack if best practices are not followed when designing and implementing the environment. Security is not convenient by nature and is easily overlooked during deployment: ensure that best practices are adhered to, and test the infrastructure with a vulnerability scan (at minimum) or a penetration test (recommended).
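To make the first recommendation concrete, here is an added example (not Quadrant's tooling and not a MOVEit-specific signature) of the kind of retrospective hunt that retained web server logs make possible. It parses a handful of constructed lines in a simplified W3C-style access-log format, URL-decodes each query string, flags requests carrying SQL metacharacters or keywords with a deliberately simple heuristic, and reports how many days of history the log covers. The log format, field order, sample entries, and IP addresses are all assumptions made for the demo.

```python
import re
from datetime import datetime
from urllib.parse import unquote_plus

# Constructed sample lines in an assumed simplified W3C-style layout:
# date time method uri-stem uri-query status client-ip
# These are made-up entries for illustration, not real MOVEit or IIS log data.
SAMPLE_LOG = """\
2023-05-27 03:12:01 GET /index.html - 200 198.51.100.10
2023-05-27 03:12:05 POST /api/login username=alice 200 198.51.100.10
2023-05-28 14:02:11 GET /files id=12%27+OR+%271%27%3D%271 500 203.0.113.5
2023-06-01 09:45:30 GET /files id=42+UNION+SELECT+username%2Cpassword_hash+FROM+users 200 203.0.113.5
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+) (\d{3}) (\S+)$")

# Heuristic hints of SQL syntax inside a decoded query string. This is a hunting
# aid that will produce false positives on benign parameters and must be tuned.
SQLI_HINTS = re.compile(r"('|--|;|/\*|\bunion\b|\bselect\b|\bsleep\b)", re.IGNORECASE)

def parse_line(line: str):
    """Return a dict for one log record, or None if the line does not fit the layout."""
    m = LINE_RE.match(line)
    if not m:
        return None
    date, time, method, stem, query, status, ip = m.groups()
    return {
        "timestamp": datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S"),
        "method": method,
        "stem": stem,
        # "-" means an empty query string in this layout; decode the rest so that
        # percent-encoded quotes and keywords are visible to the heuristic.
        "query": "" if query == "-" else unquote_plus(query),
        "status": int(status),
        "ip": ip,
    }

def find_sqli_candidates(log_text: str) -> list:
    """Records whose decoded query string trips the SQL heuristic, in log order."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is not None and SQLI_HINTS.search(rec["query"]):
            hits.append(rec)
    return hits

def log_span_days(log_text: str) -> int:
    """How many days of history the log covers; a retention sanity check."""
    stamps = [r["timestamp"] for r in map(parse_line, log_text.splitlines()) if r]
    if not stamps:
        return 0
    return (max(stamps) - min(stamps)).days

if __name__ == "__main__":
    print(f"log covers {log_span_days(SAMPLE_LOG)} days")
    for rec in find_sqli_candidates(SAMPLE_LOG):
        print(rec["timestamp"], rec["ip"], rec["status"], rec["stem"], rec["query"])
```

Run against real retained logs, the interesting output is not the individual hit but the pattern around it: a single client producing errors and then successes on the same endpoint over several days is exactly the timeline an analyst can only reconstruct if the older entries were kept and shipped off the host.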