Ransom-seeking hackers have increasingly turned a greedy eye toward MFT (Managed File Transfer) software, plundering the sensitive data exchanged between organizations and their partners in order to generate hefty payouts.
Governments and businesses around the world are grappling with the aftermath of a mass compromise related to Progress Software’s MOVEit Transfer product, which was disclosed Thursday. In 2021, Accellion’s File Transfer Appliance was exploited by hackers, and earlier this year, Fortra’s GoAnywhere MFT was compromised to steal data from more than 100 companies.
So what is MFT software? And why are hackers so interested in subverting it?
Corporate drop boxes
FTA, GoAnywhere MFT and MOVEit Transfer are enterprise versions of file sharing programs that consumers use all the time, like Dropbox or WeTransfer. MFT software often promises the ability to automate the movement of data, transfer documents at scale, and provide granular control over who can access what.
Consumer programs may be good for sharing files between people, but MFT software is exactly what you need to share data between systems, said James Lewis, chief executive of UK-based firm Pro2col, which offers advice on such systems.
“Dropbox and WeTransfer don’t offer the workflow automation that MFT software can offer,” he said.
MFT programs can be tempting targets
Running a blackmail operation against a well-defended company is somewhat difficult, said Allan Liska, an analyst at Recorded Future. Hackers need to gain a foothold, navigate their victim’s network and steal data, all while remaining undetected.
By contrast, subverting an MFT program — which usually has to do with the open Internet — would be more like robbing a supermarket, he said.
“If you can get to one of those file transfer points, all the data is right there. Wham. Bam. You go in. You come out.”
Hacker tactics are changing
Tracking down data is becoming increasingly important for hackers.
Typical digital extortionists still encrypt a company’s network and demand payment to decrypt it. They could also threaten to release the data to increase the pressure. However, some now do without the delicate matter of encrypting the data in the first place.
“More and more, many ransomware groups want to move away from encryption and blackmail to just blackmail,” Liska said.
Joe Slowik, an executive at cybersecurity firm Huntress, said moving to pure extortion was “a potentially smart move.”
“It avoids the disruptive element of these incidents that draws law enforcement attention,” he said.
© Thomson Reuters 2023