MOVEit and the Relationship Between Malware and Zero Trust
- Michael Friedrich
- Jul 26, 2023
- 3 min read
A new cyberattack campaign by the C10P threat group recently exploited a zero-day vulnerability in the MOVEit file transfer product from MOVEit Solutions. The vulnerability allowed the attackers to gain unauthorized access to the victim's network and steal sensitive data.
The C10P campaign is significant because it represents a new era in cyberattacks. In the past, cyberattacks were often targeted at specific organizations or individuals. However, the C10P campaign is more indiscriminate. The attackers exploit a vulnerability in a widely used software product, which means they could target any organization using MOVEit Solutions.
The vulnerability in MOVEit Solutions is a remote code execution vulnerability, meaning the attackers could exploit it to run arbitrary code on the victim's computer. Once the attackers have gained control of that computer, they could use it to steal sensitive data or install malware. This threat endangers the network, the user, the system, and the data. It also crosses into the software supply chain concerns I have written about recently. Organizations need to embrace Zero Trust urgently to deal with these threats effectively.
Zero Trust is a security model that assumes no one is trusted, not even within the organization. This means that all access to resources is strictly controlled, and every request must be authenticated and authorized. Zero Trust can help to reduce the risk of cyberattacks like the C10P campaign by making it more difficult for attackers to gain unauthorized access to the network. Here are some specific ways that Zero Trust could help to reduce the risk of a cyberattack like the C10P campaign:
- Micro-segmentation: Micro-segmentation divides the network into smaller, more isolated segments. This makes it more difficult for attackers to move laterally through the network once they have gained access. For example, if the MOVEit Solutions server is isolated from the rest of the network, an attacker who gains access to the server would be unable to reach other parts of the network.
- Least privilege: Least privilege is the principle that users should be granted only the permissions needed to do their job. This reduces the risk of attackers exploiting vulnerabilities to gain unauthorized access to resources. For example, if a user only needs MOVEit Solutions to transfer files, they should be granted only the permissions required for that task.
- Continuous monitoring: Continuous monitoring means constantly watching the network for suspicious activity. This helps to identify and respond to cyberattacks quickly, before they can cause damage. For example, if an attacker attempts to exploit the vulnerability in MOVEit Solutions, a continuous monitoring system would be able to detect the attempt and alert the security team.
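To make the three controls above concrete, here is a small added illustration in Python; it is not code from the original post or from any MOVEit product. It models a Zero Trust policy check (default-deny segment rules for micro-segmentation, per-role permissions for least privilege) and a monitoring pass over constructed access-log lines. All segment names, roles, IP addresses, URL paths, and thresholds are hypothetical.

```python
"""Toy Zero Trust policy engine: micro-segmentation, least privilege,
and continuous monitoring. Added illustration; every name and value
here is constructed for the example."""
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass

# Micro-segmentation: default deny. Only listed (src, dst, port) paths are
# allowed, so a compromised file-transfer host cannot reach workstations.
SEGMENT_ALLOW = {
    ("partner-dmz", "file-transfer", 443),   # partners upload over HTTPS
    ("workstations", "file-transfer", 443),  # staff use the web UI
    ("file-transfer", "db", 1433),           # server talks only to its DB
}

# Least privilege: each role gets only the actions its job requires.
ROLE_PERMISSIONS = {
    "file-clerk": {"transfer:upload", "transfer:download"},
    "transfer-admin": {"transfer:upload", "transfer:download",
                       "transfer:configure"},
}


@dataclass(frozen=True)
class Request:
    user: str
    role: str
    src_segment: str
    dst_segment: str
    port: int
    action: str


def authorize(req: Request) -> tuple[bool, str]:
    """Check every request; location on the network earns no trust."""
    if (req.src_segment, req.dst_segment, req.port) not in SEGMENT_ALLOW:
        return False, "segment policy: path not allowed"
    if req.action not in ROLE_PERMISSIONS.get(req.role, set()):
        return False, f"least privilege: role {req.role!r} lacks {req.action!r}"
    return True, "allowed"


# Continuous monitoring over constructed log lines in a simplified
# "source status method path" format (hypothetical addresses and paths).
SAMPLE_LOG = """\
10.0.5.21 200 POST /api/v1/upload
203.0.113.7 404 GET /admin/config
203.0.113.7 500 POST /api/v1/upload
203.0.113.7 500 POST /api/v1/upload
203.0.113.7 500 POST /api/v1/upload
10.0.5.22 200 GET /api/v1/download
"""

INTERNAL_PREFIX = "10.0.5."  # hypothetical workstation range


def monitor(log_text: str, error_threshold: int = 3) -> list[str]:
    """Return alert strings for two patterns: an admin path requested from
    outside the internal range, and a burst of server errors from one
    source (a common side effect of exploitation attempts)."""
    alerts: list[str] = []
    errors: Counter[str] = Counter()
    for line in log_text.splitlines():
        src, status, _method, path = line.split()
        if status.startswith("5"):
            errors[src] += 1
        if path.startswith("/admin/") and not src.startswith(INTERNAL_PREFIX):
            alerts.append(f"admin path {path} requested from external source {src}")
    for src, count in errors.items():
        if count >= error_threshold:
            alerts.append(f"{count} server errors from {src}: possible exploitation attempt")
    return alerts


if __name__ == "__main__":
    demo = [
        Request("alice", "file-clerk", "workstations", "file-transfer", 443, "transfer:upload"),
        Request("alice", "file-clerk", "workstations", "file-transfer", 443, "transfer:configure"),
        Request("svc", "transfer-admin", "file-transfer", "workstations", 445, "transfer:download"),
    ]
    for req in demo:
        print(req.user, req.action, authorize(req))
    for alert in monitor(SAMPLE_LOG):
        print("ALERT:", alert)
```

The third demo request shows the micro-segmentation point from the text: even a fully privileged admin role cannot open a path from the file-transfer segment back into the workstation segment, because that path is not on the allow list. The monitor is deliberately simple; a real deployment would read a streaming log source and tune the thresholds to its own baseline.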
In addition to the technical measures mentioned above, organizations can also take steps to improve their security awareness and reduce the risk of human error. This includes training employees to identify and report phishing emails, to create strong passwords, and to change them regularly. By taking these steps, organizations can help create a more secure environment that is less vulnerable to cyberattacks. Organizations can do several other things to reduce the risk of cyberattacks like the C10P campaign. These include:
- Keeping software up to date: Software updates often include security patches that help protect against known vulnerabilities.
- Using strong passwords: Passwords should be unique and changed regularly.
- Using multi-factor authentication: Multi-factor authentication adds an extra layer of security by requiring users to enter a code from their phone in addition to their password.
- Awareness of phishing emails: Phishing emails are a common way attackers try to access systems. Employees should be trained to identify and report phishing emails.
- Having a security incident response plan: A security incident response plan helps organizations respond to cyberattacks quickly and effectively.
By taking these steps, organizations can help to reduce the risk of cyberattacks and protect their assets.
Finally, I’d like to dive further into the C10P campaign. The C10P threat group is a relatively new group that has been active since early 2022. The group is known for using various attack techniques, including phishing, malware, and zero-day vulnerabilities. The group has targeted multiple organizations, including government agencies, businesses, and educational institutions.
The C10P campaign that exploited the vulnerability in MOVEit Solutions was particularly notable because it was the first time the group had used a zero-day vulnerability. Zero-day vulnerabilities are unknown to the software vendor and have not yet been patched. This makes them particularly dangerous because no patch yet exists to protect against them. The C10P campaign is a reminder that cyberattacks are becoming increasingly sophisticated.