If you haven’t already heard, hackers have been exploiting a vulnerability in the popular MOVEit File Transfer system. Governments, financial institutions, energy companies, non-profits and a variety of other organizations across the world experienced intrusions recently due to the vulnerability. Officials are still assessing the full impact, but the list of affected parties keeps growing.
This hack underscores how malicious actors are shifting their methods to focus on suppliers and software providers to gain access to larger, more secure organizations. The lesson here is two-fold: know what products are in your software supply chain and keep all your programs up to date with the latest releases from your vendors.
The maker of the program, Progress Software, publicly disclosed the vulnerability and released an initial patch along with recommended remediation steps. If your business uses MOVEit for file transfer, it’s critical that you follow the link below to apply the initial patch and carry out the recommended remediation immediately.
MOVEit Transfer Critical Vulnerability (May 2023) (CVE-2023-34362) – Progress Community
However, more vulnerabilities affecting MOVEit have been discovered, so it is important to follow updates from the Cybersecurity and Infrastructure Security Agency (CISA) and other trusted organizations.
Progress Software Releases Security Advisory for MOVEit Transfer Vulnerability | CISA
The Cyber Readiness Institute (CRI) has developed content and tools to help small and medium-sized businesses prevent just this type of incident. The Cyber Readiness Program offers a comprehensive training program to build a culture of cyber readiness in your organization, including a software management policy and a tool that could have helped organizations prevent this attack.