Explained: How MOVEit Breach Shows Hackers' Interest in File Transfer Tools

Ransom-seeking hackers have increasingly turned a greedy eye toward the world of managed file transfer (MFT) software, plundering the sensitive data being exchanged between organizations and their partners in a bid to win big payouts.

Governments and companies globally are scrambling to deal with the consequences of a mass compromise made public on Thursday that was tied to Progress Software's MOVEit Transfer product. In 2021 Accellion's File Transfer Appliance was exploited by hackers and earlier this year Fortra's GoAnywhere MFT was compromised to steal data from more than 100 companies.

So what is MFT software? And why are hackers so keen to subvert it?

Corporate dropboxes

FTA, GoAnywhere MFT, and MOVEit Transfer are corporate versions of file sharing programs consumers use all the time, like Dropbox or WeTransfer. MFT software often promises the ability to automate the movement of data, transfer documents at scale and provide fine-grained control over who can access what.

Consumer programs might be fine for exchanging files between people but MFT software is what you want to exchange data between systems, said James Lewis, the managing director of UK-based Pro2col, which consults on such systems.

"Dropbox and WeTransfer don't provide the workflow automation that MFT software can," he said.

MFT programs can be tempting targets

Running an extortion operation against a well-defended corporation is reasonably difficult, said Recorded Future analyst Allan Liska. Hackers need to establish a foothold, navigate through their victim's network and exfiltrate data — all while remaining undetected.

By contrast, subverting an MFT program — which typically faces the open internet — was something more akin to knocking over a convenience store, he said.

"If you can get to one of these file transfer points, all the data is right there. Wham. Bam. You go in. You get out."

Hacker tactics are shifting

Scooping up data that way is becoming an increasingly important part of the way hackers operate.

Typical digital extortionists still encrypt a company's network and demands payment to unscramble it. They might also threaten to leak the data in an effort to increase the pressure. But some are now dropping the finicky business of encrypting the data in the first place.

Increasingly, "a lot of ransomware groups want to move away from encrypt-and-extort to just extort," Liska said.

Joe Slowik, a manager with the cybersecurity company Huntress, said the switch to pure extortion was "a potentially smart move."

"It avoids the disruptive element of these incidents that attract law enforcement attention," he said.

Apple unveiled its first mixed reality headset, the Apple Vision Pro, at its annual developer conference, along with new Mac models and upcoming software updates. We discuss all the most important announcements made by the company at WWDC 2023 on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.

from Gadgets 360 https://ift.tt/J8aSNUh

Apple Said to Halt Use of YTMC Chips Amid Stricter US Export Rules: Report

Apple is said to have halted its use of memory chips from YMTC, or Yangtze Memory Technologies Co. The Cupertino company has reportedly paused the use of NAND flash memory chips which were expected to... from Gadgets 360 https://ift.tt/RNyUlDO

Itel P55 With Dual Rear Cameras, 5,000mAh Battery Launched in India: Price, Specifications

Itel P55 5G was launched in India on Tuesday and it claims to be the cheapest 5G smartphone in the country. The phone is powered by an octa-core Dimensity chipset and supports wired fast charging. It carries an AI-powered dual rear camera unit and is offered in a single storage variant along with two colour options. Itel India also introduced the Itel S23+ alongside, and is a budget smartphone with a curved AMOLED display. The company is extending a two-year warranty on the handsets and is also offering free screen replacement within 100 days of purchase. Itel P55 5G price in India, availability Offered in Blue and Green colour options, the singular 8GB + 128GB variant of the Itel P55 5G is priced at Rs. 9,999. The phone will be available for purchase via Amazon India starting October 4. Itel P55 5G specifications, features Sporting a 6.6-inch HD+ (1600 x 700 pixels) display, the dual nano SIM-supported Itel P55 comes with a refresh rate of 90Hz. The phone is powered by an octa-co...

Best Smartphones of 2022

When you think of the ‘best smartphones' of the year, it's easy to just picture expensive, flagship phones. However, like every year, we've had some real standout mid-range offerings as well in 2022 that might not go toe-to-toe with proper flagships, but offer enough performance and features at much more affordable prices. Folding phones continued to get better in 2022 thanks to Samsung pioneering this segment in India, while charging speeds reached new heights. However, the big focus for all the phones on our list is cameras. We've seen smartphones with incredible zoom perfjoamcne, high-resolution sensors, and next-level video stabilisation for content creators. Depending on your budget and requirements, there's something for everyone in our list. All these smartphones have been reviewed by us and we've chosen only the best of the best, based on the ratings they received and what we felt were unique enough offerings that still stand out, even today. Here's...

Techall for you

Search This Blog