Monday, September 25, 2023

Explained: How MOVEit Breach shows hackers’ interest in file transfer tools -Dlight News

Ransomware-seeking hackers have increasingly had their greedy eye on the world of MFT (Managed File Transfer) software, plundering the sensitive data exchanged between organizations and their partners in order to generate hefty payouts.

Governments and businesses around the world are grappling with the aftermath of a mass compromise related to Progress Software’s MOVEit Transfer product, which was disclosed Thursday. In 2021, Accellion’s File Transfer Appliance was exploited by hackers and earlier this year, Fortras GoAnywhere MFT was compromised to steal data from more than 100 companies.

So what is MFT software? And why are hackers so interested in subverting it?

Corporate ddrop boxes

FTA, GoAnywhere MFT and MOVEit Transfer are enterprise versions of file sharing programs that consumers use all the time, like Dropbox or WeTransfer. MFT software often promises the ability to automate the movement of data, transfer documents at scale, and provide granular control over who can access what.

Consumer programs may be good for sharing files between people, but MFT software is exactly what you need to share data between systems, said James Lewis, chief executive of UK-based firm Pro2col, which offers advice on such systems .

“Dropbox and WeTransfer don’t offer the workflow automation that MFT software can offer,” he said.

MFT programs can be tempting targets

Running a blackmail operation against a well-defended company is somewhat difficult, said Allan Liska, an analyst at Recorded Future. Hackers need to gain a foothold, navigating their victim’s network and stealing data—while remaining undetected.

By contrast, subverting an MFT program — which usually has to do with the open Internet — would be more like robbing a supermarket, he said.

“If you can get to one of those file transfer points, all the data is right there. wham. bam You go in. You come out.”

Hacker tactics are changing

Tracking down data is becoming increasingly important for hackers.

Typical digital extortionists still encrypt a company’s network and demand payment to decrypt it. They could also threaten to release the data to increase the pressure. However, some now do without the delicate matter of encrypting the data in the first place.

“More and more, many ransomware groups want to move away from encryption and blackmail and just blackmail,” Liska said.

Joe Slowik, an executive at cybersecurity firm Huntress, said moving to pure extortion was “a potentially smart move.”

“It avoids the disruptive element of these incidents that draws law enforcement attention,” he said.

© Thomson Reuters 2023

Apple unveiled its first mixed reality headset, the Apple Vision Pro, at its annual developer conference, along with new Mac models and upcoming software updates. We cover all of the company’s major announcements at WWDC 2023 on Orbital, the Gadgets 360 Podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Affiliate links may be automatically generated – see our Ethics Statement for details.

Related Articles


Please enter your comment!
Please enter your name here

Stay Connected

- Advertisement -spot_img

Latest Articles