CYBER ALERT - MOVEit File Transfer Software Vulnerability

At Alliant, we believe helping our clients manage Cyber risk goes beyond the mechanics of the insurance transaction. Accordingly, we are providing you with actionable information around the recently publicized vulnerability in the Progress MOVEit Transfer software solution to help your organization take appropriate action to protect your data from being exfiltrated.

What’s Happening?
Briefly stated, Progress Software Corporation (the parent company of the software developer in question) has reported that a recently discovered vulnerability in MOVEit Transfer (CVE-2023-34362) could be exploited and allow attackers to gain unauthorized access to data, and to execute SQL statements that alter or delete data. All MOVEit transfer versions are impacted by this vulnerability, and the developer has issued patches for each version. According to the IT website Bleeping Computer, threat actors have already begun mass downloading of data from organizations using this file transfer software. However, as of June 1, 2023, there had been no reported incidents of threat actors extorting their victims, and it remained unclear who was behind the attacks.

What can my company do to address this risk?
Progress MOVEit has provided documentation and guidance on remediation. Progress MOVEit’s configuration hardening and patching guidance should be strongly considered by affected organizations, in order to mitigate the risk associated with this vulnerability.

What if I discover that our data has been exfiltrated as a result of this vulnerability?
Should you need to report a claim for a loss arising out of this incident, please contact your Alliant service team. We can assist you with providing notification to the appropriate insurers and put you in touch with qualified incident response vendors.

For more information, contact your Alliant account manager or visit Alliant Cyber 

Additional Resources: PODCAST: What is the MOVEit Vulnerability? What to know and what to do now.