Explainer-How MOVEit breach shows hackers' interest in corporate file transfer tools


FILE PHOTO: A man types on a computer keyboard in front of the displayed cyber code in this illustration picture taken on March 1, 2017.REUTERS/Kacper Pempel/Illustration

(Reuters) - Ransom-seeking hackers have increasingly turned a greedy eye toward the world of managed file transfer (MFT) software, plundering the sensitive data being exchanged between organizations and their partners in a bid to win big payouts.

Governments and companies globally are scrambling to deal with the consequences of a mass compromise made public on Thursday that was tied to Progress Software Corp's MOVEit Transfer product. In 2021 Accellion Inc's File Transfer Appliance was exploited by hackers and earlier this year Fortra's GoAnywhere MFT was compromised to steal data from more than 100 companies.

So what is MFT software? And why are hackers so keen to subvert it?

CORPORATE DROPBOXES

FTA, GoAnywhere MFT, and MOVEit Transfer are corporate versions of file sharing programs consumers use all the time, like Dropbox or WeTransfer. MFT software often promises the ability to automate the movement of data, transfer documents at scale and provide fine-grained control over who can access what.

Consumer programs might be fine for exchanging files between people but MFT software is what you want to exchange data between systems, said James Lewis, the managing director of UK-based Pro2col, which consults on such systems.

"Dropbox and WeTransfer don't provide the workflow automation that MFT software can," he said.

MFT PROGRAMS CAN BE TEMPTING TARGETS

Running an extortion operation against a well-defended corporation is reasonably difficult, said Recorded Future analyst Allan Liska. Hackers need to establish a foothold, navigate through their victim's network and exfiltrate data - all while remaining undetected.

By contrast, subverting an MFT program - which typically faces the open internet - was something more akin to knocking over a convenience store, he said.

"If you can get to one of these file transfer points, all the data is right there. Wham. Bam. You go in. You get out."

HACKER TACTICS ARE SHIFTING

Scooping up data that way is becoming an increasingly important part of the way hackers operate.

Typical digital extortionists still encrypt a company's network and demands payment to unscramble it. They might also threaten to leak the data in an effort to increase the pressure. But some are now dropping the finicky business of encrypting the data in the first place.

Increasingly, "a lot of ransomware groups want to move away from encrypt-and-extort to just extort," Liska said.

Joe Slowik, a manager with the cybersecurity company Huntress, said the switch to pure extortion was "a potentially smart move."

"It avoids the disruptive element of these incidents that attract law enforcement attention," he said.

(Reporting by Raphael Satter; editing by Grant McCool)

Follow us on our official WhatsApp channel for breaking news alerts and key updates!

   

Next In Tech News

Musk now says it's 'pointless' to build a $25,000 Tesla for human drivers
Google defeats lawsuit over gift card fraud
Russian court fines Apple for not deleting two podcasts, RIA reports
GlobalFoundries forecasts upbeat Q4 results on strong demand from smartphone makers
Emerson sharpens automation focus with offer for rest of AspenTech in $15 billion deal
Palantir shares surge to record as AI boom powers forecast raise
Netflix under tax fraud investigation as offices in France and Netherlands raided
Singapore's Keppel to buy Japanese AI-ready data centre
Tesla increases wages for staff at German gigafactory by 4%
Apple explores push into smart glasses with ‘Atlas’ user study

Others Also Read