MOVEit

MOVEit is a managed file transfer software product produced by Ipswitch, Inc. (now part of Progress Software). MOVEit encrypts files and uses file transfer protocols such as FTP(S) or SFTP to transfer data, as well as providing automation services, analytics and failover options. The software has been used in the healthcare industry by companies such as Rochester Hospital and Medibank, as well as thousands of IT departments in high technology, government, and financial service companies like Zellis.

History
MOVEit was released in 2002 by Standard Networks. In 2006, the company released integration between MOVEit and antivirus software to stop the transfer of infected files.

Ipswitch acquired MOVEit in 2008 when the company purchased Standard Networks. MOVEit Cloud was announced in 2012 as a cloud-based file transfer management software. MOVEit Cloud was the first enterprise-class cloud managed file transfer software. It is scalable and can share files system-to-system, with groups, or person-to-person.

In 2013, MOVEit clients were released for the iOS and Android platforms. The release included a configuration wizard, as well as email encryption.

Ipswitch Analytics was released in 2015 to monitor and report data through the MOVEit software. The analytic data includes an activity monitor and automated report creation. Ipswitch Analytics can access data from MOVEit file transfer and automation servers. That same year, Ipswitch Failover was released. The software can meet recovery point objectives (RPO) in seconds with a recovery time objective (RTO) of less than a minute, which increases the availability of MOVEit.

2023 data breach
On 31 May 2023, Progress reported a SQL injection vulnerability in MOVEit Transfer and MOVEit Cloud (CVE-2023-34362). The vulnerability was widely exploited in late May 2023. It allows an attacker to access MOVEit Transfer's database from its web application without authenticating. The attacker may then be able to execute SQL statements that alter or delete entries in the database, and infer information about the structure and contents of the database. Data exfiltration in the widespread May-June attacks by the Russian-speaking cyber crime group Cl0p may have been primarily focused on data stored using Microsoft Azure. Upon discovery, Progress launched an investigation, alerted its customers to the issue and provided mitigation steps (blocking all HTTP and HTTPS traffic to MOVEit), followed by the development and release of a security patch. On 15 June, another vulnerability that could lead to unauthorized access became public (CVE-2023-35708).

In 2023, it was reported that the 31 May 2023 zero-day vulnerability had been exploited by attackers. On 7 June 2023, cyber gang Clop, believed to be Russian-based, posted on its blog that it had gained access to MOVEit transactions worldwide, and that organisations using MOVEit had until 14 June to contact Clop and pay a ransom, otherwise stolen information would be published. The stolen details typically include payroll data with fields such as home addresses, National Insurance numbers, and bank details, but vary. The group said that it had information from eight UK organisations including the BBC, obtained through an attack on payroll services provider Zellis. It was surmised that the use of a blog post rather than email to contact victims might be due to the enormous number of victims, too many to handle individually.


Response

The MOVEit team has worked with industry experts to investigate the May 31 incident. The Cybersecurity and Infrastructure Security Agency (CISA), CrowdStrike, Mandiant, Microsoft, Huntress and Rapid7 have assisted with incident response and ongoing investigations. Cyber industry experts have credited the MOVEit team for its response and handling of the incident by quickly providing patches, as well as regular and informative advisories that helped support rapid remediation. Despite the company's attempts to remediate the vulnerabilities, hundreds of companies across the world had very large amounts of confidential information stolen due to the weaknesses in the software. The effects of the MOVEit breach are still being revealed as of November 2023. It is estimated that the stolen data will be abused for many years to come.