Flash Notice: Attackers Attempting to Exploit Critical MOVEit Transfer Vulnerabilities

overview

Exploitation attempts targeting critical MOVEit Transfer vulnerabilities, CVE-2024-5806 (CVSS 9.1) and CVE-2024-5805 (CVSS 9.1) , have begun shortly after its disclosure. This vulnerabilities, found in the SFTP module of MOVEit Transfer, allows attackers to bypass authentication and gain unauthorized access to sensitive data. 

CVE-2024-5805 impacts MOVEit Transfer 2024.0.0. CVE-2024-5806 impacts MOVEit Transfer 2023.0.0 to 2023.0.10, 2023.1.0 to 2023.1.5, and 2024.0.0. Exploitation involves using a null string as a public encryption key, allowing an attacker to log in as a trusted user. 

As of right now, Shadowserver Foundation has reported exploitation attempts in honeypots. Approximately 1,700 internet-exposed MOVEit Transfer instances have been detected, mostly in North America. Progress Software has released patches for CVE-2024-5805 and CVE-2024-5806, and it is highly recommended that they be applied immediately.  

avertium's recommendationS

• Progress Software recommends blocking public inbound RDP access and restricting outbound access to trusted endpoints to mitigate associated third-party component vulnerabilities. 
• Ensure MOVEit Transfer versions are updated to 2023.0.11, 2023.1.6, or 2024.0.2 as applicable. For patch guidance, please click on the links above.  
• Please click here to see which version you are running.

INDICATORS OF COMPROMISE (IoCs)

At this time, there are no known IoCs associated with CVE-2024-5805 and CVE-2024-5806. Avertium remains vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.   

How Avertium is Protecting Our CUSTOMERS

• Minimizing the impact of a successful ransomware or malware attack requires detecting it as early in the attack as possible. A Security Information and Event Management (SIEM) system can help an organization to accomplish this. Avertium offers a comprehensive SIEM-based approach that increases the potential for detecting a ransomware infection before it deploys. SIEM provides a holistic overview of a company’s IT environment from a single point of view in terms of its specific security events, empowering teams to detect and analyze unusual behavior. 
• Fusion MXDR  is the first MDR offering that fuse together all aspects of security operations into a living, breathing, threat-resistant XDR solution. By fusing insights from threat intelligence, security assessments, and vulnerability management into our MDR approach, Fusion MXDR offers a more informed, robust, and cost-effective approach to cybersecurity – one that is greater than the sum of its parts. 

SUPPORTING DOCUMENTATION