Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More

Request a Demo

Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More

Request a Demo
Services
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

View All Trustwave Services
Solutions
BY INDUSTRY
BY REGULATION
BY TOPIC
Microsoft Security
Unlock the full power of Microsoft Security
Offensive Security
Solutions to maximize your security ROI
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
We reduce cyber risk and fortify organizations
Awards and Accolades
Recognition by analysts and media outlets
Trustwave SpiderLabs Team
Global researchers, ethical hackers, and responders
Trustwave Fusion Security Operations Platform
Unprecedented security visibility and control
Trustwave Security Colony
Access to cybersecurity threat protection resources
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats
Register
Login
Resources
BLOGS
UPCOMING
MEDIA & ASSETS
NOTICES
HELP

9 Steps to Protect Against the Next MOVEit/MFT Attack

2 Minute Read

By now, the facts of the recent MOVEit breach are well known (although the victim total keeps climbing), but it never hurts to be reminded that these attacks do not take place in a vacuum and threat actors are more than happy to repeatedly use the same tactics if their targets remain vulnerable.

 

Trustwave SpiderLabs, has tracked and documented these events explaining how threat actors were found to be exploiting three vulnerabilities, including a zero-day, (CVE-2023-34362, CVE-2023-35036. and CVE-2023-35708) in the popular Progress Software managed file transfer (MFT) tool, resulting in adversaries gaining escalated privileges and unauthorized data access.

 

The vulnerability, an SQL injection, was soon patched—but not before more than 500 organizations (including US federal agencies) and millions of users were affected.

 

The MOVEit breach is merely the most highly publicized example of a trend in which threat actors target MFT software. Why the interest in MFT? Well, stealing data within the virtual walls of a well-defended organization, while by no means impossible, is hardly an easy task; to do so, actors must gain access, navigate the targeted network, and exfiltrate the data while remaining undetected.

 

MFT programs, by contrast, typically face the open Internet. Thus, compromising these file-transfer points is far less involved. This situation plays into the hands of threat actors as it gives them the ability to access and exfiltrate data at scale, which is now the norm for ransomware attacks. Unlike traditional ransomware attacks that require threat actors to encrypt data and offer a decryption key in exchange for payment, many criminals now simply steal data and demand payment.

 

A holistic approach

 

As with most cybersecurity situations. There’s no silver bullet when it comes to preventing MFT attacks. Instead, what’s required is a proactive attitude and a holistic approach to risk reduction:

 

  • Comprehensive security assessments: Regularly conduct thorough security assessments of the MFT infrastructure to identify vulnerabilities and potential weaknesses. Perform penetration testing to simulate real-world attack scenarios and validate the effectiveness of existing security measures.

 

  • Patch management and updates: Implement a robust patch management process to promptly address any known vulnerabilities in MFT software and associated systems. Keep all software components up to date, including operating systems, libraries, and third-party applications.

 

  • Access controls and authentication: Enforce strict access controls and role-based permissions to limit data exposure and prevent unauthorized access. Implement multi-factor authentication to strengthen the authentication process.

 

  • Encryption and security protocols: Encrypt data both in transit and at rest using strong encryption algorithms to safeguard against interception and unauthorized access. Utilize secure file-transfer protocols such as SFTP or FTPS instead of plain FTP.

 

  • Threat hunting: Proactive threat hunting is crucial in today’s world to find and halt hidden threats before damage is done—being reactive is not good enough. That means looking for Indicators of Behavior or Compromise (IoB/IoC), or having professionals do it for you, such as with Trustwave’s Advanced Continual Threat Hunting

 

  • Continuous monitoring and log analysis: Deploy a robust monitoring system to track MFT activities and detect anomalies or suspicious behaviour in real-time. Analyze logs regularly to identify potential security incidents and respond proactively.

 

  • Employee awareness and training: Conduct regular security awareness training sessions for employees to educate them about threats and safe practices. And this advice, while old, remains as valid as ever: Promote a culture of cybersecurity awareness within the organization.

 

  • Backup and disaster recovery: Regularly back up critical data, and maintain an effective disaster recovery plan to ensure business continuity in case of attack.

 

  • Managed Detection and Response Service: Implement an MDR service, such as Trustwave MDR, as an additional layer to detect, investigate, and respond to abnormal activity and attempts at lateral movement. MDR solutions can provide real-time threat detection and response capabilities, helping to identify and mitigate attacks promptly.

 

It would be comforting to learn there’s a one-size-fits-all solution to the vulnerabilities inherent in MFT software—but that’s not the case. As always, security leaders must remain vigilant and adapt to evolving threats.

ABOUT TRUSTWAVE

Trustwave is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats. Our comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes client investment, and improves security resilience. Learn more about us.

Tips & Tricks

Latest Intelligence

Top Database Security Tools for Enhanced Vulnerability Assessment and Compliance
Beyond Compliance: Building a Resilient Security Strategy with the ISM and Essential Eight
Trustwave and Cybereason Join Forces to Create a Leading Global MDR Provider, Offering Unmatched Cybersecurity Value

Discover how our specialists can tailor a security program to fit the needs of
your organization.

Request a Demo