We would like to draw your immediate attention to a significant security concern regarding Progress Software’s managed file transfer product, MOVEit Transfer, specifically a recently patched vulnerability. Microsoft has conducted a thorough investigation and has identified the threat actor behind the attacks as Lace Tempest, a known affiliate of the Russian-speaking Clop ransomware-as-a-service gang, also referred to as FIN11 or TA505.

The vulnerability in question, tracked as CVE-2023-34362, enables unauthorised access to a MOVEit Transfer server’s database. Exploiting this vulnerability grants attackers the ability to execute various malicious actions, including data theft, ransomware installation, and other detrimental activities.

Notably, several prominent organisations have fallen victim to these MOVEit Transfer attacks. Among the known victims are British payroll provider Zellis, British Airways, the BBC, and U.K. drugstore chain Boots. Additionally, the government of Canadian province Nova Scotia has disclosed that hackers breached a resident’s personal information as part of this attack.

To safeguard your organisation’s digital assets and sensitive information, we strongly advise taking the following immediate actions:

Apply Security Patch: It is crucial to promptly apply the security patch for CVE-2023-34362 on all systems running MOVEit Transfer. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) specifically urges all affected organisations to prioritise the installation of this patch to mitigate the risk of data theft or ransomware attacks.

Maintain Up-to-Date Software: This incident serves as a crucial reminder of the vital importance of regularly updating software with the latest security patches. By ensuring that your software remains current, you significantly reduce the risk of falling victim to such attacks.

Furthermore, we recommend implementing the following measures to enhance your organisation’s overall cyber security posture:

a. Strong Passwords and Multi-Factor Authentication: Encourage all personnel to utilise strong, unique passwords and enable multi-factor authentication whenever possible. These steps greatly bolster account security.

b. Data Backup and Recovery Plan: Establish and maintain a comprehensive data backup and recovery plan. Regularly backing up critical data ensures its availability and integrity, even in the event of a successful attack.

c. Employee Cyber Security Education: Conduct regular cyber security awareness training sessions to educate employees about current threats, best practices, and how to recognise and report suspicious activity. Well-informed staff members are an organisation’s first line of defence.

d. Proactive Monitoring: Implement robust monitoring mechanisms to detect and respond swiftly to any suspicious activity. By maintaining vigilance, you can identify potential threats before they escalate.

By taking these proactive steps, your organisation can effectively safeguard itself against cyber attacks and potential data breaches. We urge you to share this advisory with all relevant personnel within your organisation and ensure that the recommended actions are implemented without delay.

Should you require any further information or assistance in addressing this security concern, please do not hesitate to reach out to us. Together, we can strengthen your organisation’s resilience against cyber threats.
