Hackers Steal Data from Cloud Transfer Platform
UPDATE, June 5th 2023: British Airways & Boots have confirmed that they are among serveral UK Businesses who have been effected by the MOVEit Data Breach. British Airways have also confimred that more than 34,000 Employee Details have been exposed as a result. Find out more in this article.
Security experts in the United States have reported that hackers have successfully stolen data from multiple users of the popular file transfer tool, MOVEit Transfer. This news was communicated out on Thursday, just a day after the software’s manufacturer, Progress Software Corp, revealed the discovery of a security flaw.
Progress Software, based in Burlington, Massachusetts, had disclosed the vulnerability a day earlier, cautioning that it could potentially allow unauthorised access into users’ systems. The company’s managed file transfer software is used by organisations for moving files and data between business partners and customers. However, the precise number of organisations using this software and those affected by the potential breaches remains unclear. Progress Software’s Chief Information Officer, Ian Pitt, did not disclose this information, but affirmed that fixes had been made available since the vulnerability was detected on the 28th of May.
The software’s cloud-based service, carrying the same name, was also impacted, according to Pitt. However, he assured Reuters, “As of now we see no exploit of the cloud platform.” Contrarily, cyber security firms Rapid7 Inc and Mandiant Consulting, a subsidiary of Google who were recently brought in as independent Cyber Security specialists in the 3CX hack, reported that they had found instances where this flaw had been exploited to steal data. “Mass exploitation and broad data theft has occurred over the past few days,” stated Charles Carmakal, the Chief Technology Officer of Mandiant Consulting.
Such “zero-day” vulnerabilities, previously unknown in managed file transfer solutions, have led to data theft, leaks, extortion, and victim-shaming in the past, Mandiant highlighted. “Although Mandiant does not yet know the motivation of the threat actor, organisations [and individuals who have used MOVEit Transfer] should prepare for potential extortion and publication of the stolen data,” Carmakal warned.
Rapid7 noted that cases of compromise related to this flaw have increased since its disclosure. Progress Software has provided guidance on steps that users at risk can take to lessen the impact of this security vulnerability.
Pitt did not comment on who might have been attempting to steal data by exploiting this flaw. “We have no evidence of it being used to spread malware,” he said. According to Pitt, compared to the company’s other software products that number more than 20, MOVEit Transfer is used by a relatively “small” number of customers. He concluded, “We have forensics partners on board and we are working with them to make sure that we have an ever-evolving grasp of the situation.”.
Whilst there are multiple File Sharing and Transfer Solutions such as MOVEit, WeTransfer, Dropbox, SendAnywhere, FileTransfer and more. At One2Call we recommend Microsoft OneDrive which includes (at least) 1Tb of cloud storage for business plans, with the ability to be able to share files from the cloud by link or with specific users, you also have advanced controls to set passwords and limit sharing past a set date. If you would like to find out more about Microsoft 365 and Cloud Storage, click the link below. Alternatively if you would like to find out about our Cyber Security services and how we can protect your business from being targeted by phishing and extortion attacks via email through Advanced Email Threat Protection you can download our Cyber Security Assessment form where we go through this and more.
Latest News Stories
Hacker Group Suspected Behind Recent Microsoft Outage
Recent service disruptions experienced by Microsoft have been attributed to a DDoS Cyber Attack, with experts suggesting that the hackers behind the operation are most likely linked to a Russian-backed group. The group, known as Anonymous Sudan, which first surfaced...
Louisiana Driver’s License Holders Caught in Massive Cyber Attack
In the latest development in the ongoing fallout of the MOVEit Cyber Attack, every driver's license holder in the US state of Louisiana has been exposed to hackers in the enormous Cyber Attack. Personal details such as; Names, Addresses, and Social Security Numbers,...
Update your iPhone & iPad now! Patch released after malware found on Kaspersky Labs devices (June 2023)
Apple, the global technology giant, has announced a new patch has been released to resolve to two significant security flaws in its iPhone and iPad devices. These vulnerabilities were found to have been exploited as part of a broad hacking campaign, which at this time...
Our Customers
Testimonials
Sarah Wroe, Commercial Property Partners
Stayed late on a Friday evening to fix my computer. Thank you
Rob Watt, Straaltechniek
Quick and easy. Pawel always great to deal with.
Mark, Modern Creatives
Local, extremely helpful, prompt. Quick to react when there have been issues (not caused by One2call). Have recommended in the past to clients.