Trustwave achieves verified MXDR solution and FastTrack ready partner status from Microsoft. Learn More

Trustwave achieves verified MXDR solution and FastTrack ready partner status from Microsoft. Learn More

Managed Detection & Response

Eradicate cyberthreats with world-class intel and expertise

Managed Security Services

Expand your team’s capabilities and strengthen your security posture

Consulting & Professional Services

Tap into our global team of tenured cybersecurity specialists

Penetration Testing

Subscription- or project-based testing, delivered by global experts

Database Security

Get ahead of database risk, protect data and exceed compliance requirements

Email Security & Management

Catch email threats others miss with layered security & maximum control

Co-Managed SOC (SIEM)

Eliminate alert fatigue, focus your SecOps team, stop threats fast, and reduce cyber risk

Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
The Trustwave Approach
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Platform
SpiderLabs Fusion Center
Security Operations Centers
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

9 Steps to Protect Against the Next MOVEit/MFT Attack

By now, the facts of the recent MOVEit breach are well known (although the victim total keeps climbing), but it never hurts to be reminded that these attacks do not take place in a vacuum and threat actors are more than happy to repeatedly use the same tactics if their targets remain vulnerable.


Trustwave SpiderLabs, has tracked and documented these events explaining how threat actors were found to be exploiting three vulnerabilities, including a zero-day, (CVE-2023-34362, CVE-2023-35036. and CVE-2023-35708) in the popular Progress Software managed file transfer (MFT) tool, resulting in adversaries gaining escalated privileges and unauthorized data access.


The vulnerability, an SQL injection, was soon patched—but not before more than 500 organizations (including US federal agencies) and millions of users were affected.


The MOVEit breach is merely the most highly publicized example of a trend in which threat actors target MFT software. Why the interest in MFT? Well, stealing data within the virtual walls of a well-defended organization, while by no means impossible, is hardly an easy task; to do so, actors must gain access, navigate the targeted network, and exfiltrate the data while remaining undetected.


MFT programs, by contrast, typically face the open Internet. Thus, compromising these file-transfer points is far less involved. This situation plays into the hands of threat actors as it gives them the ability to access and exfiltrate data at scale, which is now the norm for ransomware attacks. Unlike traditional ransomware attacks that require threat actors to encrypt data and offer a decryption key in exchange for payment, many criminals now simply steal data and demand payment.


A holistic approach


As with most cybersecurity situations. There’s no silver bullet when it comes to preventing MFT attacks. Instead, what’s required is a proactive attitude and a holistic approach to risk reduction:


  • Comprehensive security assessments: Regularly conduct thorough security assessments of the MFT infrastructure to identify vulnerabilities and potential weaknesses. Perform penetration testing to simulate real-world attack scenarios and validate the effectiveness of existing security measures.


  • Patch management and updates: Implement a robust patch management process to promptly address any known vulnerabilities in MFT software and associated systems. Keep all software components up to date, including operating systems, libraries, and third-party applications.


  • Access controls and authentication: Enforce strict access controls and role-based permissions to limit data exposure and prevent unauthorized access. Implement multi-factor authentication to strengthen the authentication process.


  • Encryption and security protocols: Encrypt data both in transit and at rest using strong encryption algorithms to safeguard against interception and unauthorized access. Utilize secure file-transfer protocols such as SFTP or FTPS instead of plain FTP.


  • Threat hunting: Proactive threat hunting is crucial in today’s world to find and halt hidden threats before damage is done—being reactive is not good enough. That means looking for Indicators of Behaviour or Compromise (IoB/IoC), or having professionals do it for you, such as with Trustwave’s Advanced Continual Threat Hunting


  • Continuous monitoring and log analysis: Deploy a robust monitoring system to track MFT activities and detect anomalies or suspicious behaviour in real-time. Analyze logs regularly to identify potential security incidents and respond proactively.


  • Employee awareness and training: Conduct regular security awareness training sessions for employees to educate them about threats and safe practices. And this advice, while old, remains as valid as ever: Promote a culture of cybersecurity awareness within the organization.


  • Backup and disaster recovery: Regularly back up critical data, and maintain an effective disaster recovery plan to ensure business continuity in case of attack.


  • Managed Detection and Response Service: Implement an MDR service, such as Trustwave MDR, as an additional layer to detect, investigate, and respond to abnormal activity and attempts at lateral movement. MDR solutions can provide real-time threat detection and response capabilities, helping to identify and mitigate attacks promptly.


It would be comforting to learn there’s a one-size-fits-all solution to the vulnerabilities inherent in MFT software—but that’s not the case. As always, security leaders must remain vigilant and adapt to evolving threats.