17/11/2023
๐จ Cybersecurity Alert: Attacks on File-Transfer Services Surge! ๐๐ป
๐ In a wave of attacks that started in March, MOVEit, GoAnywhere, and IBM Aspera Faspex faced supply-chain attacks, with Clop ransomware exploiting a zero-day vulnerability in MOVEit and GoAnywhere. The aftermath, ongoing for five months, reveals a disturbing trend of attacks on file-transfer services.
๐ฏ Why Are They Targeted?
According to Jess Burn, principal analyst at Forrester, these services are an opportunistic attack vector due to the high-value data they handle. Beyond phishing credentials, they contain a "treasure trove" for threat actorsโdata for extortion or potential corporate espionage.
๐ผ Who's at Risk?
Major financial institutions, education providers, government agencies, healthcare, insurance, and law firms are among the direct and indirect victims.
๐ Vulnerability Spotlight:
Intel 471 has identified 17 vulnerabilities in managed file-transfer products since 2018, with 51 classified as high risk. As these tools become more prevalent, the number of vulnerabilities for threat actors to exploit increases.
โ ๏ธ Implicit Trust Issue:
Mauricio Sanchez from Dell'Oro Group warns of a false sense of security, emphasising the significant consequences of third-party handling of corporate data during transfers.
๐ก๏ธ Staying Secure:
Be vigilant, update systems regularly, and consider the broader implications of using file-transfer services. ๐ช๐
๐ To read more phishy articles, please visit www.gonephishing.xyz - and sign up to our newsletter to never miss a story!