Short description: File transfer software
MOVEit is a managed file transfer software product produced by Ipswitch, Inc. (now part of Progress Software).[3] MOVEit encrypts files and uses file transfer protocols such as FTP(S) or SFTP to transfer data, as well as providing automation services, analytics and failover options.[3][4] The software has been used in the healthcare industry by companies such as Rochester Hospital[5] and Medibank,[6] as well as thousands of IT departments in high technology, government, and financial service companies like Zellis.[7]
History
MOVEit was released in 2002 by Standard Networks.[8] In 2006, the company released an integration between MOVEit and antivirus software to stop the transfer of infected files.[9]
Ipswitch acquired MOVEit in 2008 when the company purchased Standard Networks.[10] MOVEit Cloud was announced in 2012 as a cloud-based file transfer management software.[11] MOVEit Cloud was the first enterprise-class cloud managed file transfer software. It is scalable and can share files system-to-system, with groups, or person-to-person.[12]
In 2013, MOVEit clients were released for the iOS and Android platforms. The release included a configuration wizard, as well as email encryption.[3][13]
Ipswitch Analytics was released in 2015 to monitor and report data through the MOVEit software. The analytic data includes an activity monitor and automated report creation. Ipswitch Analytics can access data from MOVEit file transfer and automation servers.[14][15] That same year, Ipswitch Failover was released. The software can achieve recovery point objectives (RPO) measured in seconds with a recovery time objective (RTO) of less than a minute, which increases the availability of MOVEit.[16]
2023 Data Breach
On 31 May 2023, Progress reported a SQL injection vulnerability in MOVEit Transfer and MOVEit Cloud (CVE-2023-34362). The vulnerability was widely exploited in late May 2023.[17] It allows an attacker to access MOVEit Transfer's database from its web application without authenticating. The attacker may then be able to execute SQL statements that alter or delete entries in the database, and infer information about the structure and contents of the database.[18][19] Data exfiltration in the widespread May-June attacks by the Russian-speaking cyber crime group Cl0p may have been primarily focused on data stored using Microsoft Azure.[20] Upon discovery, Progress launched an investigation, alerted its customers to the issue and provided mitigation steps (blocking all HTTP and HTTPS traffic to MOVEit), followed by the development and release of a security patch.[21] On 15 June, another vulnerability that could lead to unauthorized access became public (CVE-2023-35708).[22]
In 2023, it was reported that the 31 May 2023 zero-day vulnerability had been exploited by attackers.[23] On 7 June 2023, the cyber gang Clop, believed to be Russian-based, published a blog post saying that they had gained access to MOVEit transactions worldwide, and that organisations using MOVEit had until 14 June to contact Clop and pay a ransom, otherwise stolen information would be published. The stolen details typically include payroll data with fields such as home addresses, National Insurance numbers, and bank details, but vary. The group said that they had information from eight UK organisations including the BBC, obtained through an attack on payroll services provider Zellis. It was surmised that contacting victims via blog post rather than by email might be due to the enormous number of victims, too many to handle individually.[24]
- Response
The MOVEit team has worked with industry experts to investigate the May 31 incident. The Cybersecurity and Infrastructure Security Agency (CISA),[25] CrowdStrike,[26] Mandiant,[27] Microsoft,[28] Huntress[29] and Rapid7[30] have assisted with incident response and ongoing investigations.[31] Cyber industry experts have credited the MOVEit team for its response and handling of the incident by quickly providing patches, as well as regular and informative advisories that helped support rapid remediation.[32][33][34] Despite the company's attempts to remediate the vulnerabilities, hundreds of companies across the world had very large amounts of confidential information stolen due to the weaknesses in the software. The effects of the MOVEit breach are still being revealed as of November 2023. It is estimated that the stolen data will be abused for many years to come.
References
- [1] https://docs.progress.com/bundle/moveit-transfer-release-notes-2023/page/Whats-New-in-MOVEit-Transfer-2023.html
- [2] https://docs.progress.com/bundle/moveit-automation-release-notes-2023/page/Whats-New-in-MOVEit-Automation-2023.html
- [3] Alex Woodie (September 24, 2013). "Ipswitch Adds iOS and Android Clients to MFT Suite". IT Jungle. http://www.itjungle.com/fhs/fhs092413-story03.html.
- [4] "Managed File Transfer Software - MOVEit MFT - Ipswitch". https://www.ipswitch.com/moveit.
- [5] "Rochester General Hospital MOVEit Case Study". HealthData Management. http://resources.healthdatamanagement.com/content34973.
- [6] Chris Player (November 13, 2014). "Medibank employs Ipswitch MOVEit MFT". ARN. http://www.arnnet.com.au/article/559554/medibank-employs-ipswitch-moveit-mft/.
- [7] "Ipswitch launches new tools to protect critical and confidential data". TYN Channel. January 4, 2016. http://www.tynchannel.com/ipswitch-lanza-nuevas-herramientas-para-proteger-datos-criticos-y-confidenciales/.
- [8] "Standard Networks releases secure transfer client". WTN News. March 24, 2004. http://wtnnews.com/articles/700/.
- [9] "MOVEit Central File Transfer Management Offers Real-Time". Business Wire. April 18, 2006. http://www.businesswire.com/news/home/20060418005291/en/MOVEit-Central-File-Transfer-Management-Offers-Real-Time.
- [10] Tom Jowitt (February 19, 2008). "Ipswitch gets compliance with Standard Networks buy". Network World. http://www.networkworld.com/article/2283555/infrastructure-management/ipswitch-gets-compliance-with-standard-networks-buy.html.
- [11] Brandon Butler (November 13, 2012). "File transfer systems adapting to today's cloudy conditions". Network World. http://www.networkworld.com/article/2161378/cloud-computing/file-transfer-systems-adapting-to-today-s-cloudy-conditions.html.
- [12] "Ipswitch File Transfer Launches MOVEit Cloud & MOVEit Ad Hoc Transfer". Compliance Week. November 6, 2012. https://www.complianceweek.com/blogs/grc-announcements/ipswitch-file-transfer-launches-moveit-cloud-moveit-ad-hoc-transfer#.VzX-E5MrIch.
- [13] Chris Talbot (November 15, 2015). "Ipswitch Adds Mobile Support to MOVEit Cloud 8.0". Talkin Cloud. http://talkincloud.com/cloud-computing-mobile-services/ipswitch-adds-mobile-support-moveit-cloud-80.
- [14] Nathan Eddy (June 8, 2015). "Ipswitch Analytics Offers Auditable File Transfers". eWeek. http://www.eweek.com/small-business/ipswitch-analytics-offers-auditable-file-transfers.html.
- [15] Kathrin Jannot (April 4, 2016). "MOVEit organized file transfers from a single interface". Cyber Press. https://cyberpress.de/2016/04/ipswitch-moveit-organisiert-dateiuebertragungen-ueber-eine-einzige-oberflaeche/.
- [16] "Ipswitch Delivers Zero Downtime and No Data Loss with New Failover Solution for Managed File Transfer". APM Digest. September 23, 2015. http://www.apmdigest.com/ipswitch-delivers-zero-downtime-and-no-data-loss-with-new-failover-solution-for-managed-file.
- [17] Arghire, Ionut (2023-06-19). "MOVEit Customers Urged to Patch Third Critical Vulnerability". https://www.securityweek.com/moveit-customers-urged-to-patch-third-critical-vulnerability/.
- [18] "NVD - CVE-2023-34362". https://nvd.nist.gov/vuln/detail/CVE-2023-34362.
- [19] "MOVEit Transfer and MOVEit Cloud Vulnerability". 5 July 2023. https://www.progress.com/security/moveit-transfer-and-moveit-cloud-vulnerability.
- [20] Goodin, Dan (2023-06-06). "Mass exploitation of critical MOVEit flaw is ransacking orgs big and small". https://arstechnica.com/information-technology/2023/06/mass-exploitation-of-critical-moveit-flaw-is-ransacking-orgs-big-and-small/.
- [21] "Progress Customer Community". https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023.
- [22] "Progress Customer Community". https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-15June2023.
- [23] Page, Carly (2023-06-02). "Hackers launch another wave of mass-hacks targeting company file transfer tools". https://techcrunch.com/2023/06/02/hackers-launch-another-wave-of-mass-hacks-targeting-company-file-transfer-tools/.
- [24] Tidy, Joe (7 June 2023). "BBC, BA and Boots issued with ultimatum by cyber gang Clop". https://www.bbc.com/news/technology-65829726.
- [25] "#StopRansomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability". June 7, 2023. https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-158a.
- [26] Lioi, Tyler; Palka, Sean (June 5, 2023). "Movin’ Out: Identifying Data Exfiltration in MOVEit Transfer Investigations". https://www.crowdstrike.com/blog/identifying-data-exfiltration-in-moveit-transfer-investigations/.
- [27] Zaveri, Nader; Kennelly, Jeremy; Stark, Genevieve (June 2, 2023). "Zero-Day Vulnerability in MOVEit Transfer Exploited for Data Theft". https://www.mandiant.com/resources/blog/zero-day-moveit-data-theft.
- [28] "Attack Surface: CVE-2023-34362 MOVEit Transfer Zero-Day Exploitation (May 2023)". June 4, 2023. https://twitter.com/MsftSecIntel/status/1665537730946670595.
- [29] Hammond, John (June 1, 2023). "MOVEit Transfer Critical Vulnerability CVE-2023-34362 Rapid Response". https://www.huntress.com/blog/moveit-transfer-critical-vulnerability-rapid-response.
- [30] Condon, Caitlyn (June 1, 2023). "Rapid7 Observed Exploitation of Critical MOVEit Transfer Vulnerability". https://www.rapid7.com/blog/post/2023/06/01/rapid7-observed-exploitation-of-critical-moveit-transfer-vulnerability/.
- [31] Kapko, Matt (June 14, 2023). "MOVEit mass exploit timeline: How the file-transfer service attacks entangled victims". https://www.cybersecuritydive.com/news/moveit-breach-timeline/687417/.
- [32] Starks, Tim (June 7, 2023). "Cyberdefenders respond to hack of file-transfer tool". The Washington Post. https://www.washingtonpost.com/politics/2023/06/07/cyberdefenders-respond-hack-file-transfer-tool/.
- [33] "Inside the MOVEit Attack: Decrypting Clop's TTPs and Empowering Cybersecurity Practitioners". July 4, 2023. https://www.infosecurity-magazine.com/podcasts/infosec-mag-pod-july-2023//.
- [34] Stone, Noah (July 20, 2023). "New research reveals rapid remediation of MOVEit Transfer vulnerabilities". BitSight. https://www.bitsight.com/blog/new-research-reveals-rapid-remediation-moveit-transfer-vulnerabilities/.