File-Transfer services, rich with sensitive data, are under attack

The spree of attacks against MOVEit environments in May, which are still cascading to downstream victims five months later, capped a concentrated period of damaging attacks against file-transfer services. Progress Software’s MOVEit, Fortra’s GoAnywhere and IBM Aspera Faspex were hit by supply-chain attacks over a three-month span starting in March this year. Clop, the ransomware group responsible for exploiting a zero-day vulnerability in MOVEit and GoAnywhere, was also responsible for zero-day exploits against Accellion file-transfer devices in 2020 and 2021. These managed file-transfer services are an opportunistic attack vector because of the data moving across them, said Jess Burn, principal analyst at Forrester. They contain a “treasure trove” that goes beyond phishing for someone’s credentials — high-value data that threat actors can use for extortion or potential corporate espionage, according to Burn. The direct and indirect victims of these attacks include major financial institutions, education service providers, government agencies, healthcare providers, insurance companies and law firms.

File-transfer services serve an integral part of business operations and have trusted access to organizations’ sensitive data, including personally identifiable information, financial, proprietary and intellectual data, Amy Chang, senior fellow of cybersecurity and emerging threats at R Street Institute, said via email.

Cybersecurity Dive 11/14/2023