
The MOVEit Effect: Protecting Public-Facing Applications



Solutions Review’s Contributed Content Series is a collection of contributed articles written by thought leaders in enterprise software categories. Kiran Chinnagangannagari of Securin looks at the impact of the MOVEit exploit for answers in protecting public-facing applications.

Organizations around the world rely on public-facing applications every day to keep their businesses running. Servers, virtual private networks (VPNs), and application programming interfaces (APIs) are all common forms of third-party, public-facing applications that make accessing a service or completing work more efficient — but less secure. Many of these web-based applications can serve as a point of entry for bad actors to exploit vulnerabilities, gain access to proprietary information, and hold systems for ransom. Organizations subject to strict compliance laws, such as those in healthcare or finance, can be at elevated risk of damages from a data breach.

This is precisely what happened to MOVEit Transfer, which was exploited by the Cl0p ransomware group. The managed file transfer (MFT) solution is used to move files between customers and businesses safely and securely, and it was discovered to have 2,500 exposed servers, most of which were in the U.S. The campaign's victims most recently included the government of Nova Scotia, the airline Aer Lingus, and the BBC, among many others. The exploited vulnerabilities allowed attackers to intercept, control, and exploit shared files, resulting in data breaches and potential financial, reputational, and legal consequences.


The Cl0p Ransomware Gang

Public-facing applications such as MOVEit have a wide attack surface because they must be reachable by third parties in order to function and to make their platforms easy for users to access. Services providing APIs, VPNs, and more pose a risk to organizations because they offer an additional point of entry to bad actors. In the case of MOVEit, vendors and customers all had third-party access to the transfer system. Cl0p could potentially use these access points to penetrate the system, gain access to proprietary information, and encrypt files in its wake.

The MOVEit attack demonstrated the strength and intelligence of the Cl0p ransomware gang, which has worked to breach and attack many organizations since 2019. Cl0p uses tactics to avoid detection, making it harder for victims to notice attacks when they occur and easier for the ransomware to kill backup and security processes before encrypting files.

Cl0p deploys its ransomware into network systems; the malware then presents a fraudulent certificate so that it appears trusted, which allows it to manipulate system data and catalog technical details to share with the threat actors. It encrypts files such as .jpg, .mp3, and .doc documents and appends a Cl0p extension to them, rendering them inaccessible to victims. The gang then demands a ransom payment to remove the ransomware and allow victims to recover their data.

The Cl0p ransomware gang continues to threaten organizations in various sectors and poses several risks for those affected. Cl0p has exploited many vulnerabilities, including the SolarWinds Serv-U FTP vulnerability and the GoAnywhere MFT zero-day vulnerability. Recently, Cl0p has targeted public-facing applications. The MOVEit attack was carried out by finding an entry point in the platform, resulting in potential access to files containing intellectual property (IP) or personally identifiable information (PII). It is important to take proactive steps to protect your data: back up and update systems, protect networks, and use security barriers like multi-factor authentication to secure your files and prevent a hostile breach.

Organization Security Strategies and Best Practices

In today’s digital landscape, where sensitive public-facing applications like MOVEit play a crucial role in facilitating secure data transfers, adopting a proactive and holistic security strategy is imperative. The attack surface for such applications is extensive, encompassing various potential entry points for cyber threats. Therefore, it is essential to go beyond reactive security measures and implement a proactive approach that continuously monitors and addresses potential risks.

Here are some places to start:

  • Stay Current and Raise Awareness: CISOs should monitor news on security announcements and advisories to identify potential vulnerabilities and the steps necessary to recover or protect data. Security teams should communicate with organization employees on proper security and controls etiquette to avoid social engineering.
  • Patching and Updates: Ensure systems and apps are updated with the latest security patches and updates. Regularly check for vendor-supplied patches, as patching helps to mitigate the risk of exploitation by cyber attackers.
  • Continuous Monitoring: Implement robust monitoring and intrusion detection systems to monitor applications for suspicious activities or attempted breaches. Monitor logs, network traffic, and user behavior to detect anomalies promptly.
  • Regular Security Assessments: Conduct regular security assessments and penetration tests on systems and applications to identify and address vulnerabilities proactively. The findings from these assessments can help prioritize security improvements and mitigate potential risks.

Final Thoughts on the MOVEit Effect

MOVEit offered a specific service that organizations often overlooked. Disregarding this technology resulted in its exposure, which went undetected for an extended period. The Cl0p ransomware gang sought out public-facing applications to increase its chances of exploiting a vulnerability, gaining access to private data, and attacking organizations. In the future, CISOs and organizations can mitigate the risks posed by public-facing applications by embracing a continuous and proactive approach to managing potential security risks. These practices offer insight into vulnerabilities, exposures, and suspicious activity, allowing organizations to patch, update, and respond proactively, ultimately securing their data and preventing the damage associated with stolen or exploited data.
