HomeTechnologyExplained: How MOVEit Breach Shows Hackers' Interest In File Transfer Tools -...

Explained: How MOVEit Breach Shows Hackers’ Interest In File Transfer Tools – UnlistedNews

Ransom-seeking hackers have become increasingly greedy in the world of managed file transfer (MFT) software, looting sensitive data that is exchanged between organizations and their partners in a bid to earn big payouts.

Governments and businesses around the world are scrambling to deal with the fallout from a massive compromise made public Thursday that was tied to Progress Software’s MOVEit Transfer product. In 2021, Accellion’s file transfer device was exploited by hackers, and earlier this year, Fortra’s GoAnywhere MFT was compromised to steal data from more than 100 companies.

So what is MFT software? And why are hackers so interested in subverting it?

corporate dropboxes

FTA, GoAnywhere MFT, and MOVEit Transfer are corporate versions of file-sharing programs that consumers use all the time, like Dropbox or WeTransfer. MFT software often promises the ability to automate data movement, transfer documents at scale, and provide granular control over who can access what.

Consumer programs may be fine for exchanging files between people, but MFT software is what you need to exchange data between systems, said James Lewis, managing director of UK-based Pro2col, which advises on such systems.

“Dropbox and WeTransfer do not provide the workflow automation that the MFT software offers,” he said.

MFT programs can be tempting targets

Running an extortion operation against a well-defended corporation is reasonably difficult, said Allan Liska, an analyst at Recorded Future. Hackers need to establish a foothold, navigate through their victim’s network, and extract data, all without being detected.

By contrast, subverting an MFT program, which is usually pitted against the open internet, was something more akin to tearing down a convenience store, he said.

“If you can get to one of these file transfer points, all the data is there. Wham. Bam. In. Out.”

Hacker tactics are changing

Gathering data in that way is becoming an increasingly important part of the way hackers operate.

Typical digital extortionists still encrypt a company’s network and demand payment to decrypt it. They could also threaten to leak the data in an effort to increase the pressure. But some are now abandoning the finicky business of encrypting data in the first place.

Increasingly, “a lot of ransomware groups want to stop encrypting and extorting and just extorting,” Liska said.

Joe Slowik, a manager at cybersecurity firm Huntress, said the move to pure extortion was “a potentially smart move.”

“Avoid the disturbing element of these incidents that attract the attention of law enforcement,” he said.

© Thomson Reuters 2023

Apple introduced its first mixed reality headset, the Apple Vision Pro, at its annual developer conference, along with new Mac models and upcoming software updates. We discuss all the biggest announcements made by the company at WWDC 2023 on Orbital, the Gadgets 360 podcast. Orbital is available at Spotify, gana, jiosaavn, Google Podcasts, Apple Podcasts, amazon music and wherever you get your podcasts.
Affiliate links can be generated automatically; see our ethics statement for more details.


Sara Marcus
Sara Marcushttps://unlistednews.com
Meet Sara Marcus, our newest addition to the Unlisted News team! Sara is a talented author and cultural critic, whose work has appeared in a variety of publications. Sara's writing style is characterized by its incisiveness and thought-provoking nature, and her insightful commentary on music, politics, and social justice is sure to captivate our readers. We are thrilled to have her join our team and look forward to sharing her work with our readers.


Please enter your comment!
Please enter your name here

Most Popular

Recent Comments