
Why file management tools are catching the attention of threat actors

“These are prime targets, where you have a one-to-many relationship and you can do a little bit of digging and hit a whole lot of gold, versus doing a lot of digging in multiple places and just coming back with a little bit,” one expert tells IT Brew.


Another day, another file management tool that threat actors have managed to exploit.

Illinois-based ecosystem integration software company Cleo announced that it has issued a patch to address what some researchers described as a “0-day-ish” vulnerability that impacted versions up to 5.8.0.21 of its Cleo LexiCom, VLTrader, and Harmony products.

The security patch to address the flaw, which it has identified as CVE-2024-55956, arrived shortly after security researchers from Huntress found that threat actors were actively exploiting the vulnerability “en masse” and performing post-exploitation activity. Huntress claimed that exploitation of the vulnerability had been occurring since Dec. 3 and that it has seen at least 10 businesses with compromised Cleo servers.

All about the files. These days, news about security flaws in file management tools isn’t uncommon. The 2023 MOVEit hack, where hackers exploited a since-patched zero-day SQL injection vulnerability, continues to claim victims to this day. Meanwhile, vulnerabilities exploited in Accellion’s File Transfer Appliance in 2021 made headlines after impacting victims such as Kroger and the University of Colorado.

Tanium Chief Security Advisor Tim Morris told us that threat actors are increasingly looking at enterprise file transfer tools as attractive targets in their malicious pursuits.

“These are prime targets, where you have a one-to-many relationship and you can do a little bit of digging and hit a whole lot of gold, versus doing a lot of digging in multiple places and just coming back with a little bit,” Morris said.

Nathaniel Jones, VP of threat research at Darktrace, added that the tools remain popular with threat actors because of the wealth of information they can provide.

“They have a lot of important data, in terms of personnel data, but also company data, things that really shouldn’t be exposed,” Jones said, adding that enterprise file tools are often “overlooked” in security moderation efforts.

Roger Grimes, a data-driven defense evangelist at the security training platform KnowBe4, told IT Brew that attacks against file transfer tools have become more popular following MOVEit.

“I think MOVEit was something that really changed the world,” Grimes said. “It changed the ransomware industry to go, ‘Hey, we need to start targeting these kind of more obscure software programs.’”

Here to stay. Jones told IT Brew that file transfer tools are and will continue to be “juicy targets” for threat actors. He advises that IT professionals ensure that they have a handle on access control policies within their organizations.

“Make sure that group policies are sorted so that users don’t get outside of their normal group,” Jones said.
