MOVEit Exploits: Why Don’t They Just Patch?

Date: June 29, 2023


Ransomware gangs are actively exploiting a vulnerability in Progress Software’s MOVEit file transfer app, which is used by thousands of organizations around the world.  

A number of organizations whose supply chains include the MOVEit application have suffered a data breach as a result, with customer and/or employee data being exfiltrated.

Progress (the vendor who produces the MOVEit software) has issued updated advice on mitigating this vulnerability, which includes a new patch for additional vulnerabilities that could be exploited.  

MOVEit customers should apply the latest vulnerability fixes, as described in the MOVEit Transfer Knowledge Base Article (Updated 15th June).

Takeaway: Many are wondering why the organizations getting hit by ransomware gangs taking advantage of the MOVEit vulnerability – and others like the bug in GoAnywhere – didn't jump into action and patch their vulnerable applications.

In many cases, patching is not as easy as just downloading the most current version of a vulnerable piece of software; it can be a highly complex task for some organizations.

In order to avoid breaking critical business systems, patches often need to be applied in a development environment and tested prior to introducing the updates in the production environment.  

Even then, some issues prevent patching due to legacy systems/software or internal (home-brewed) scripts/applications that will break if the patch is applied haphazardly. Thus, there can be months or more of work to do before they can be protected.  

Assessing risk exposure is not always a simple process either if the organization does not have good visibility into all the systems and software running in their environment.  

For example, when the Log4Shell exploit emerged, organizations had to scramble to assess where their exposure was, because the Log4j utility is so widely used with little in the way of documentation as to where to look for it. Hence the push for a Software Bill of Materials (SBOM) to make this task easier.

Then, of course, there are unfortunately bug fix releases all the time, and in many cases timely patching is simply not a high priority for some organizations because their IT and security staffing and resources are minimal, especially in sectors that are predominantly non-profit or run on thin margins like healthcare, education, retail and others.
