Recent vulnerabilities discovered in MOVEit Transfer and MOVEit Cloud systems could pose a significant risk to the healthcare sector, where the secure transfer of sensitive data is paramount. MOVEit, a managed file transfer product from Progress Software, is widely used for automated high-volume, HIPAA- and GDPR-compliant transfers. These vulnerabilities could compromise the security of data transfers and expose hospitals and healthcare organizations to potential breaches.
Why it matters:
Two significant vulnerabilities have been identified in the MOVEit Transfer and MOVEit Cloud systems, according to reports from the Cybersecurity and Infrastructure Security Agency (CISA) and Progress, the company behind the MOVEit products. If exploited, these vulnerabilities could lead to unauthorized access and escalated privileges within the affected systems, posing a significant risk to the security of data transferred and stored using these platforms.
The big picture:
The vulnerabilities were discovered on June 9 and May 31, 2023. The first vulnerability could lead to escalated privileges and unauthorized access to the environment. The second vulnerability was found during an ongoing investigation into the first vulnerability. These vulnerabilities underscore the persistent threats to cybersecurity and the need for constant vigilance and proactive measures to protect against potential attacks.
What they're saying:
Upon discovery of the vulnerabilities, Progress promptly launched an investigation, alerted MOVEit customers of the issue, and provided immediate mitigation steps. A security patch was developed and released within 48 hours of the vulnerability's discovery. "All MOVEit Transfer customers must apply the new patch," Progress stated in a security advisory. The company also thanked its partners and collaborators, including CISA, Crowdstrike, Huntress, Mandiant, Microsoft, and Rapid7, for their assistance in identifying and addressing these vulnerabilities.
What's next:
Progress has released patches for both vulnerabilities and is urging all MOVEit Transfer customers to apply the new patches. Customers are also advised to follow recommended mitigation guidance and monitor for known Indicators of Compromise (IoC). For MOVEit Cloud customers, the latest patch was released on June 9, 2023. Customers are encouraged to review their audit logs for signs of unexpected or unusual file downloads and continue to review access logs and systems logging, together with their systems protection software logs.
Between the lines:
The discovery of these vulnerabilities is a reminder of the ongoing threats to cybersecurity in the healthcare industry. It highlights the importance of robust cybersecurity measures and the value of collaboration in the cybersecurity industry. The swift response by Progress and its partners demonstrates the effectiveness of a proactive and collaborative approach to cybersecurity.
The bottom line:
The investigation into these vulnerabilities is ongoing. As new details are uncovered, Progress will continue to update its customers and the broader cybersecurity community. In the meantime, customers who have not yet applied the patches are urged to do so immediately. They should also follow the recommended mitigation guidance and monitor for known Indicators of Compromise. Customers with questions are encouraged to contact Progress Customer Technical Support for further assistance.
Actions to take today to mitigate cyber threats from CL0P ransomware:
- Take an inventory of assets and data, identifying authorized and unauthorized devices and software.
- Grant admin privileges and access only when necessary, establishing a software allow list that only executes legitimate applications.
- Monitor network ports, protocols, and services, activating security configurations on network infrastructure devices such as firewalls and routers.
- Regularly patch and update software and applications to their latest versions, and conduct regular vulnerability assessments.
Related: HIPAA Compliant Email: The Definitive Guide
Dean Levitt
