In early June, multiple threat researchers observed attacks on MOVEit servers using a zero-day vulnerability that facilitated data exfiltration. MOVEit Transfer is managed file transfer software that supports the exchange of files and data. This vulnerability allows an attacker to gain access to the database and possibly infer information about its structure and contents.
Over subsequent days, the media covered many examples of enterprises being significantly impacted by attackers targeting this vulnerability, making it clear that it was being widely exploited. Zellis, a large UK payroll provider, announced that they had been compromised by this attack and that hackers had gained access to personal and payroll information on employees of British Airways, BBC, Boots, Aer Lingus and others.
Centripetal tracked a range of indicators of compromise (IOCs) associated with the vulnerability and proactively deployed them directly to all customers for immediate shielding. We are constantly updating our intelligence as our providers publish new intelligence to their respective feeds.
Over the subsequent week, we observed over 300 clear attempts at exploiting this vulnerability in our customer networks and monitored 6,000 connections potentially associated with MOVEit. Centripetal blocked potential attacks that could have significantly impacted these customers' businesses.
CleanINTERNET® customers were protected from attack because of Centripetal’s access to timely and relevant threat intelligence related to this vulnerability and associated attack infrastructure, and because we pushed that intel down to all customers’ RuleGATEs in near real-time. This approach to protection ensures a rapid defense without placing a significant burden on the customer.
Our recommendation is still that all customers of MOVEit should patch their infrastructure as soon as practical, thus mitigating all concerns around this vulnerability. In the meantime, CleanINTERNET® provides a defensive layer that shields against malicious traffic targeting this and other vulnerabilities.
If you are a current client of MOVEit or you use their services, please contact us to learn more about how CleanINTERNET® can protect you.