How MOVEit breach shows hackers' interest in corporate file transfer
tools
Send a link to a friend
[June 17, 2023] By
Raphael Satter
(Reuters) - Ransom-seeking hackers have increasingly turned a greedy eye
toward the world of managed file transfer (MFT) software, plundering the
sensitive data being exchanged between organizations and their partners
in a bid to win big payouts.
Governments and companies globally are scrambling to deal with the
consequences of a mass compromise made public on Thursday that was tied
to Progress Software Corp's MOVEit Transfer product. In 2021 Accellion
Inc's File Transfer Appliance was exploited by hackers and earlier this
year Fortra's GoAnywhere MFT was compromised to steal data from more
than 100 companies.
So what is MFT software? And why are hackers so keen to subvert it?
CORPORATE DROPBOXES
FTA, GoAnywhere MFT, and MOVEit Transfer are corporate versions of file
sharing programs consumers use all the time, like Dropbox or WeTransfer.
MFT software often promises the ability to automate the movement of
data, transfer documents at scale and provide fine-grained control over
who can access what.
Consumer programs might be fine for exchanging files between people but
MFT software is what you want to exchange data between systems, said
James Lewis, the managing director of UK-based Pro2col, which consults
on such systems.
"Dropbox and WeTransfer don't provide the workflow automation that MFT
software can," he said.
MFT PROGRAMS CAN BE TEMPTING TARGETS
Running an extortion operation against a well-defended corporation is
reasonably difficult, said Recorded Future analyst Allan Liska. Hackers
need to establish a foothold, navigate through their victim's network
and exfiltrate data - all while remaining undetected.
[to top of second column] |
A man types on a computer keyboard in
front of the displayed cyber code in this illustration picture taken
on March 1, 2017.REUTERS/Kacper Pempel/Illustration
By contrast, subverting an MFT program - which typically faces the
open internet - was something more akin to knocking over a
convenience store, he said.
"If you can get to one of these file transfer points, all the data
is right there. Wham. Bam. You go in. You get out."
HACKER TACTICS ARE SHIFTING
Scooping up data that way is becoming an increasingly important part
of the way hackers operate.
Typical digital extortionists still encrypt a company's network and
demands payment to unscramble it. They might also threaten to leak
the data in an effort to increase the pressure. But some are now
dropping the finicky business of encrypting the data in the first
place.
Increasingly, "a lot of ransomware groups want to move away from
encrypt-and-extort to just extort," Liska said.
Joe Slowik, a manager with the cybersecurity company Huntress, said
the switch to pure extortion was "a potentially smart move."
"It avoids the disruptive element of these incidents that attract
law enforcement attention," he said.
(Reporting by Raphael Satter; editing by Grant McCool)
[© 2023 Thomson Reuters. All rights
reserved.]
This material may not be published,
broadcast, rewritten or redistributed.
Thompson Reuters is solely responsible for this content.
|