In light of the recent vulnerabilities (CVE-2023-34362) and (CVE-2023-35036) affecting our MOVEit Transfer and MOVEit Cloud products, we want to help provide our customers with information to help them react quickly to potential risks to the MOVEit Transfer and MOVEIt Cloud vulnerabilities. To better equip those that may have been impacted, directly or indirectly, we have also included general recommendations from leading industry experts and our partners in the security and threat intelligence communities that will help you better detect and respond to any potential data exfiltration. Note that we provide this blog post for informational purposes only. This should not be considered legal advice and Progress encourages you to consult with your own legal counsel.
It is incredibly important that our MOVEit Transfer and MOVEit Cloud customers read and follow the recommended guidance available on our Security Center, if they have not done so already. Furthermore, for customers leveraging Microsoft Defender for Endpoint and/or Rapid7’s Velociraptor open-source endpoint monitoring and forensics platform, you can find hunting queries below to detect associated activity with this exploit.
As additional information from the security community is shared, we will continue providing updates.
For our MOVEit Transfer customers, we strongly suggest working alongside your security vendors to help detect the identified Indicators of Compromise (IoCs) listed in the MOVEit Transfer Knowledge Base article. You may also refer to Mandiant’s MOVEit Containment and Hardening Guide.
To help organizations detect the precursors of a typical data exfiltration attack, there are varying indicators your security and/or IT teams should monitor for, including: searching your DNS logs, searching endpoints for installed software and process telemetry, threat intelligence for malicious IP addresses, amongst others. You may refer to the InfoSec Institute's Network Analysis for Data Exfiltration article.
To locate possible exploitation activity, run the following queries in your Microsoft 365 security center.
If you believe that you have been the victim of a cybercrime, please consider the actions set forth below. We also recommend that you check your spam filters for any inbound messages from the potential "threat actors" to avoid missing any important communications. Please note that this is not intended as legal or regulatory advice and is not an exhaustive list or playbook. Rather, it includes suggestions based upon advice from trusted cybersecurity experts. Any suggestions listed are subject to further advice from your legal counsel and/or other third-party advisors:
To better prepare your organization for potential data extortion against you or your customers, we encourage you to review the below guidance that we have received from trusted third-party service providers and implement certain measures as best suited for your specific organizational needs. Please note, these are not considered mitigation or prevention steps to the above-mentioned vulnerability, but rather cautionary steps aimed at helping you reduce risk and enable a quicker recovery. Again, this is not intended legal or regulatory advice and is not intended to be an exhaustive list, but instead are suggestions based upon advice that Progress has received from trusted cybersecurity firms. Any suggestions listed are subject to further advice from your legal counsel and other third-party advisors.
To keep abreast with updates regarding this situation, we encourage subscribing to our blog.
Richard Barretto is the Chief Information Security Officer at Progress. Richard and his team are responsible for overseeing and developing the data protection strategy for Progress enterprise. He joined the company back in 2020 and has 20-plus years of experience as a cyber security professional. In his free time, he likes playing tennis and spending time with family.
Let our experts teach you how to use Sitefinity's best-in-class features to deliver compelling digital experiences.Learn More
Subscribe to get all the news, info and tutorials you need to build better business apps and sites
You can also ask us not to share your Personal Information to third parties here: Do Not Sell or Share My Info
We see that you have already chosen to receive marketing materials from us. If you wish to change this at any time you may do so by clicking here.
Thank you for your continued interest in Progress. Based on either your previous activity on our websites or our ongoing relationship, we will keep you updated on our products, solutions, services, company news and events. If you decide that you want to be removed from our mailing lists at any time, you can change your contact preferences by clicking here.