SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
Progress Software patch highlights security vulnerabilities of critical infrastructure

Fri, 28th Jun 2024

Progress Software recently patched a high-severity authentication bypass in its MOVEit managed file transfer solution.

Known as CVE-2024-5806, this flaw follows a major ransomware campaign by the CLOP gang in May 2023, which exploited a zero-day SQL Injection vulnerability in MOVEit Transfer.

Scott Caveza, Staff Research Engineer at Tenable, noted, "While this is not the first time we’ve seen a vendor take measures to protectively warn and secure customers prior to public acknowledgment of a vulnerability, it could have been a risky move." Caveza expressed concerns over the potential for malicious actors to exploit the vulnerability during its disclosure processes.

Despite no reported exploitation of this flaw in the wild, Caveza recommended patching the vulnerability as a precautionary measure to safeguard sensitive data. He underscored the severity of the risk while noting that attackers would need to take additional steps to exploit the vulnerability.

Paul Prudhomme, Principal Security Analyst at SecurityScorecard, also commented on the emergence of the CVE-2024-5806 vulnerability in MOVEit Transfer. He remarked on the significant impact of such vulnerabilities on organisations, noting, "The widespread use of MOVEit across hundreds of organisations magnifies the potential impact of this vulnerability, highlighting how a single flaw in third-party software can expose vast amounts of sensitive data to malicious actors."

Prudhomme advised that patching alone isn't sufficient; organisations must adopt a layered security approach. This encompasses regular vulnerability assessments, continuous monitoring of vendor security postures, and proactive risk management. By combining patching with these measures, organisations can build resilience against evolving cyber threats.

As incidents like these continue to highlight vulnerabilities within critical infrastructure and essential services, experts agree that a multi-faceted and proactive approach to cybersecurity is essential for mitigating risks and ensuring the continuity of vital operations.

As a recent example of catching a vulnerability too late, the cyberattack on London's Synnovis healthcare services provider has significantly disrupted clinical care within several hospitals and primary care providers across the city. Synnovis, which specialises in pathology services, has been thrust into the spotlight, as the attack underscores the vital role and potential vulnerabilities of key suppliers in the healthcare sector.

Simon Hodgkinson, Strategic Advisor at Semperis, reflected on the incident, stating, "The latest cyberattack on Synnovis is having a significant impact on the delivery of clinical care in several hospitals in London. Synnovis provides pathology services to several hospitals and primary care providers in London." Hodgkinson highlighted the critical nature of the attack, emphasising how it disrupts essential services and puts patients' lives at risk.

Hodgkinson also emphasised the importance of examining the security measures in place from the point of care, alongside the supportive processes and systems that enable clinical outcomes. At the core of the digital ecosystem stands the identity platform, with Active Directory (AD) being commonly used in over 90% of organisations. He warned of the frequent misconfigurations within these platforms that cybercriminals often exploit.

Although there is no concrete evidence to suggest the cyberattack specifically targeted the NHS, Hodgkinson noted the incident's broader implications. He stressed the necessity of understanding the entire supply chain and ensuring that suppliers have robust security controls and tested recovery plans.
