{"id":8722,"date":"2023-07-20T17:33:44","date_gmt":"2023-07-20T14:33:44","guid":{"rendered":"https:\/\/oberig-it.com\/uncategorized\/the-moveit-zero-day-vulnerability-and-the-importance-of-cross-domain-solutions-in-data-transfer\/"},"modified":"2023-07-27T17:34:28","modified_gmt":"2023-07-27T14:34:28","slug":"the-moveit-zero-day-vulnerability-and-the-importance-of-cross-domain-solutions-in-data-transfer","status":"publish","type":"post","link":"https:\/\/oberig-it.com\/en\/articles\/the-moveit-zero-day-vulnerability-and-the-importance-of-cross-domain-solutions-in-data-transfer\/","title":{"rendered":"The MOVEit Zero-Day Vulnerability and the Importance of Cross Domain Solutions in Data Transfer"},"content":{"rendered":"<p>There has been much discussion around the recently discovered <a href=\"https:\/\/www.scmagazine.com\/news\/millions-users-vulnerable-zero-day-moveit-file-transfer-app\" target=\"_blank\" rel=\"noopener\"><span style=\"color: #0000ff;\">MOVEit zero-day vulnerability<\/span><\/a>. MOVEit is a Managed File Transfer solution that is deployed widely across critical infrastructure providers, US government and commercial enterprises.<br \/>\nOne of the main problems is simply having an internet-facing Managed File Transfer solution. It is still early days, but it looks like the exploit uses an <a href=\"https:\/\/www.rapid7.com\/blog\/post\/2023\/06\/01\/rapid7-observed-exploitation-of-critical-moveit-transfer-vulnerability\/\" target=\"_blank\" rel=\"noopener\"><span style=\"color: #0000ff;\">SQL injection vulnerability<\/span><\/a> in the internet-facing half of the software.<\/p>\n<p>This gives the attacker a foothold from which they can gain persistence using webshell code that allows command and control infrastructure to be set up. 
The attacker can then do the following on the server:<\/p>\n<ul>\n<li>Retrieve a list of stored files, the username of the user who uploaded each file, and their file paths.<\/li>\n<li>Insert and delete a new randomly named MOVEit Transfer user with the login name &#8216;Health Check Service&#8217; and create new MySQL sessions.<\/li>\n<li>Retrieve information about the configured Azure Blob Storage account, including the AzureBlobStorageAccount, AzureBlobKey, and AzureBlobContainer settings, as described in this <a href=\"https:\/\/docs.progress.com\/ru-RU\/bundle\/moveit-automation-web-admin-help-2023\/page\/Azure-Blob-Storage-Host-Field-Descriptions.html\" target=\"_blank\" rel=\"noopener\"><span style=\"color: #0000ff;\">Progress help article<\/span><\/a>.<br \/>\nThe threat actors can then use this information to steal data directly from the victim&#8217;s Azure Blob Storage containers.<\/li>\n<li>Download files from the server.<\/li>\n<\/ul>\n<p><strong>Mitigating the attack using Cross Domain technologies<\/strong><\/p>\n<p>Cross Domain Technologies are used widely within governments around the world to mitigate advanced attacks. Within the Forcepoint product portfolio, there are two commercially available products that would have mitigated this attack if paired with the MOVEit software. These products are <a href=\"https:\/\/www.forcepoint.com\/product\/data-guard\" target=\"_blank\" rel=\"noopener\"><span style=\"color: #0000ff;\">Data Guard<\/span><\/a> and the <a href=\"https:\/\/www.forcepoint.com\/product\/high-speed-verifier\" target=\"_blank\" rel=\"noopener\"><span style=\"color: #0000ff;\">High Speed Verifier<\/span><\/a>. The Data Guard can be used as an SCP file transfer solution. Using the Data Guard to separate the two networks would ensure that any basic SQL injection attacks against the MOVEit software are stopped. 
Then the MOVEit transfer software can move the file into the destination folder:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-8255 size-full aligncenter\" src=\"https:\/\/oberig-it.com\/wp-content\/uploads\/2023\/07\/malyunok-1-forcepoint-vrazlyvist-nulovogo-dnya-moveit-ta-vazhlyvist-kros-domennyh-rishen-pry-peredachi-danyh.jpg\" alt=\"\" width=\"953\" height=\"312\" srcset=\"https:\/\/oberig-it.com\/wp-content\/uploads\/2023\/07\/malyunok-1-forcepoint-vrazlyvist-nulovogo-dnya-moveit-ta-vazhlyvist-kros-domennyh-rishen-pry-peredachi-danyh.jpg 953w, https:\/\/oberig-it.com\/wp-content\/uploads\/2023\/07\/malyunok-1-forcepoint-vrazlyvist-nulovogo-dnya-moveit-ta-vazhlyvist-kros-domennyh-rishen-pry-peredachi-danyh-300x98.jpg 300w, https:\/\/oberig-it.com\/wp-content\/uploads\/2023\/07\/malyunok-1-forcepoint-vrazlyvist-nulovogo-dnya-moveit-ta-vazhlyvist-kros-domennyh-rishen-pry-peredachi-danyh-768x251.jpg 768w, https:\/\/oberig-it.com\/wp-content\/uploads\/2023\/07\/malyunok-1-forcepoint-vrazlyvist-nulovogo-dnya-moveit-ta-vazhlyvist-kros-domennyh-rishen-pry-peredachi-danyh-24x8.jpg 24w, https:\/\/oberig-it.com\/wp-content\/uploads\/2023\/07\/malyunok-1-forcepoint-vrazlyvist-nulovogo-dnya-moveit-ta-vazhlyvist-kros-domennyh-rishen-pry-peredachi-danyh-36x12.jpg 36w, https:\/\/oberig-it.com\/wp-content\/uploads\/2023\/07\/malyunok-1-forcepoint-vrazlyvist-nulovogo-dnya-moveit-ta-vazhlyvist-kros-domennyh-rishen-pry-peredachi-danyh-48x16.jpg 48w\" sizes=\"auto, (max-width: 953px) 100vw, 953px\" \/><\/p>\n<p>&nbsp;<\/p>\n<p>For added assurance, the Forcepoint High Speed Verifier can be deployed. 
The deployment of a hardware verification appliance between the two networks ensures that the data traversing between them remains uncompromised by malware, enhancing the levels of assurance even further.<\/p>\n<p>In conclusion, Cross Domain Data Transfer solutions play a crucial role in safeguarding organizations against a wide range of attacks, both advanced and basic. By implementing either software or hardware separation between an organization&#8217;s internal network and its internet-facing network, these solutions provide a robust defence mechanism. They effectively prevent unauthorized access and mitigate the risk of data breaches, ensuring the integrity and security of sensitive information. Whether it&#8217;s defending against sophisticated cyber threats like the MOVEit zero-day or stopping more conventional attack vectors, Cross Domain Data Transfer solutions offer a comprehensive solution that empowers organizations to protect their digital assets with confidence.<\/p>\n<p><strong>Source:<\/strong> <a href=\"https:\/\/www.forcepoint.com\/blog\/x-labs\/moveit-zero-day-cross-domain-solutions-data-transfer\" target=\"_blank\" rel=\"noopener\"><span style=\"color: #0000ff;\">The MOVEit Zero-Day Vulnerability and the Importance of Cross Domain Solutions in Data Transfer<\/span><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>There has been much discussion around the recently discovered MOVEit zero-day vulnerability, which is a Managed File Transfer solution that is deployed widely across Critical infrastructure providers, US government and commercial enterprises. One of the main problems is simply having an internet-facing Managed File Transfer solution. 
It is still early days, but it looks like [&hellip;]<\/p>\n","protected":false},"author":850,"featured_media":8262,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[142],"tags":[],"class_list":["post-8722","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-articles"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.6 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>The MOVEit Zero-Day Vulnerability and the Importance of Cross Domain Solutions in Data Transfer \u261d Oberig IT blog<\/title>\n<meta name=\"description\" content=\"The MOVEit Zero-Day Vulnerability and the Importance of Cross Domain Solutions in Data Transfer \u26a1 Oberig IT blog for integrator partners, vendors and end customers\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/oberig-it.com\/en\/articles\/the-moveit-zero-day-vulnerability-and-the-importance-of-cross-domain-solutions-in-data-transfer\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The MOVEit Zero-Day Vulnerability and the Importance of Cross Domain Solutions in Data Transfer \u261d Oberig IT blog\" \/>\n<meta property=\"og:description\" content=\"The MOVEit Zero-Day Vulnerability and the Importance of Cross Domain Solutions in Data Transfer \u26a1 Oberig IT blog for integrator partners, vendors and end customers\" \/>\n<meta property=\"og:url\" content=\"https:\/\/oberig-it.com\/en\/articles\/the-moveit-zero-day-vulnerability-and-the-importance-of-cross-domain-solutions-in-data-transfer\/\" \/>\n<meta property=\"og:site_name\" content=\"Oberig IT\" \/>\n<meta property=\"article:publisher\" 
content=\"https:\/\/www.facebook.com\/Oberig.disti\" \/>\n<meta property=\"article:published_time\" content=\"2023-07-20T14:33:44+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-07-27T14:34:28+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/oberig-it.com\/wp-content\/uploads\/2023\/07\/dajdzhest-lipen23.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1875\" \/>\n\t<meta property=\"og:image:height\" content=\"625\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Albekova Paula\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Albekova Paula\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"The MOVEit Zero-Day Vulnerability and the Importance of Cross Domain Solutions in Data Transfer \u261d Oberig IT blog","description":"The MOVEit Zero-Day Vulnerability and the Importance of Cross Domain Solutions in Data Transfer \u26a1 Oberig IT blog for integrator partners, vendors and end customers","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/oberig-it.com\/en\/articles\/the-moveit-zero-day-vulnerability-and-the-importance-of-cross-domain-solutions-in-data-transfer\/","og_locale":"en_US","og_type":"article","og_title":"The MOVEit Zero-Day Vulnerability and the Importance of Cross Domain Solutions in Data Transfer \u261d Oberig IT blog","og_description":"The MOVEit Zero-Day Vulnerability and the Importance of Cross Domain Solutions in Data Transfer \u26a1 Oberig IT blog for integrator partners, vendors and end 
customers","og_url":"https:\/\/oberig-it.com\/en\/articles\/the-moveit-zero-day-vulnerability-and-the-importance-of-cross-domain-solutions-in-data-transfer\/","og_site_name":"Oberig IT","article_publisher":"https:\/\/www.facebook.com\/Oberig.disti","article_published_time":"2023-07-20T14:33:44+00:00","article_modified_time":"2023-07-27T14:34:28+00:00","og_image":[{"width":1875,"height":625,"url":"https:\/\/oberig-it.com\/wp-content\/uploads\/2023\/07\/dajdzhest-lipen23.png","type":"image\/png"}],"author":"Albekova Paula","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Albekova Paula","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/oberig-it.com\/en\/articles\/the-moveit-zero-day-vulnerability-and-the-importance-of-cross-domain-solutions-in-data-transfer\/#article","isPartOf":{"@id":"https:\/\/oberig-it.com\/en\/articles\/the-moveit-zero-day-vulnerability-and-the-importance-of-cross-domain-solutions-in-data-transfer\/"},"author":{"name":"Albekova Paula","@id":"https:\/\/oberig-it.com\/en\/#\/schema\/person\/9d804f9c469169d256ca04bc0446793d"},"headline":"The MOVEit Zero-Day Vulnerability and the Importance of Cross Domain Solutions in Data 
Transfer","datePublished":"2023-07-20T14:33:44+00:00","dateModified":"2023-07-27T14:34:28+00:00","mainEntityOfPage":{"@id":"https:\/\/oberig-it.com\/en\/articles\/the-moveit-zero-day-vulnerability-and-the-importance-of-cross-domain-solutions-in-data-transfer\/"},"wordCount":478,"commentCount":0,"publisher":{"@id":"https:\/\/oberig-it.com\/en\/#organization"},"image":{"@id":"https:\/\/oberig-it.com\/en\/articles\/the-moveit-zero-day-vulnerability-and-the-importance-of-cross-domain-solutions-in-data-transfer\/#primaryimage"},"thumbnailUrl":"https:\/\/oberig-it.com\/wp-content\/uploads\/2023\/07\/dajdzhest-lipen23.png","articleSection":["Articles"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/oberig-it.com\/en\/articles\/the-moveit-zero-day-vulnerability-and-the-importance-of-cross-domain-solutions-in-data-transfer\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/oberig-it.com\/en\/articles\/the-moveit-zero-day-vulnerability-and-the-importance-of-cross-domain-solutions-in-data-transfer\/","url":"https:\/\/oberig-it.com\/en\/articles\/the-moveit-zero-day-vulnerability-and-the-importance-of-cross-domain-solutions-in-data-transfer\/","name":"The MOVEit Zero-Day Vulnerability and the Importance of Cross Domain Solutions in Data Transfer \u261d Oberig IT blog","isPartOf":{"@id":"https:\/\/oberig-it.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/oberig-it.com\/en\/articles\/the-moveit-zero-day-vulnerability-and-the-importance-of-cross-domain-solutions-in-data-transfer\/#primaryimage"},"image":{"@id":"https:\/\/oberig-it.com\/en\/articles\/the-moveit-zero-day-vulnerability-and-the-importance-of-cross-domain-solutions-in-data-transfer\/#primaryimage"},"thumbnailUrl":"https:\/\/oberig-it.com\/wp-content\/uploads\/2023\/07\/dajdzhest-lipen23.png","datePublished":"2023-07-20T14:33:44+00:00","dateModified":"2023-07-27T14:34:28+00:00","description":"The MOVEit Zero-Day Vulnerability and the Importance of Cross 
Domain Solutions in Data Transfer \u26a1 Oberig IT blog for integrator partners, vendors and end customers","breadcrumb":{"@id":"https:\/\/oberig-it.com\/en\/articles\/the-moveit-zero-day-vulnerability-and-the-importance-of-cross-domain-solutions-in-data-transfer\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/oberig-it.com\/en\/articles\/the-moveit-zero-day-vulnerability-and-the-importance-of-cross-domain-solutions-in-data-transfer\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/oberig-it.com\/en\/articles\/the-moveit-zero-day-vulnerability-and-the-importance-of-cross-domain-solutions-in-data-transfer\/#primaryimage","url":"https:\/\/oberig-it.com\/wp-content\/uploads\/2023\/07\/dajdzhest-lipen23.png","contentUrl":"https:\/\/oberig-it.com\/wp-content\/uploads\/2023\/07\/dajdzhest-lipen23.png","width":1875,"height":625},{"@type":"BreadcrumbList","@id":"https:\/\/oberig-it.com\/en\/articles\/the-moveit-zero-day-vulnerability-and-the-importance-of-cross-domain-solutions-in-data-transfer\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/oberig-it.com\/en\/"},{"@type":"ListItem","position":2,"name":"The MOVEit Zero-Day Vulnerability and the Importance of Cross Domain Solutions in Data Transfer"}]},{"@type":"WebSite","@id":"https:\/\/oberig-it.com\/en\/#website","url":"https:\/\/oberig-it.com\/en\/","name":"Oberig IT","description":"Distribution of complex IT and information security solutions","publisher":{"@id":"https:\/\/oberig-it.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/oberig-it.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/oberig-it.com\/en\/#organization","name":"Oberig 
IT","url":"https:\/\/oberig-it.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/oberig-it.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/oberig-it.com\/wp-content\/uploads\/2023\/06\/logo-new.svg","contentUrl":"https:\/\/oberig-it.com\/wp-content\/uploads\/2023\/06\/logo-new.svg","caption":"Oberig IT"},"image":{"@id":"https:\/\/oberig-it.com\/en\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Oberig.disti"]},{"@type":"Person","@id":"https:\/\/oberig-it.com\/en\/#\/schema\/person\/9d804f9c469169d256ca04bc0446793d","name":"Albekova Paula","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/oberig-it.com\/en\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/267b2447d88f2254471421efc84e51964ec66e50c0a67b40f9346d135523b971?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/267b2447d88f2254471421efc84e51964ec66e50c0a67b40f9346d135523b971?s=96&d=mm&r=g","caption":"Albekova Paula"},"sameAs":["https:\/\/oberig-it.com\/"]}]}},"_links":{"self":[{"href":"https:\/\/oberig-it.com\/en\/wp-json\/wp\/v2\/posts\/8722","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/oberig-it.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/oberig-it.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/oberig-it.com\/en\/wp-json\/wp\/v2\/users\/850"}],"replies":[{"embeddable":true,"href":"https:\/\/oberig-it.com\/en\/wp-json\/wp\/v2\/comments?post=8722"}],"version-history":[{"count":2,"href":"https:\/\/oberig-it.com\/en\/wp-json\/wp\/v2\/posts\/8722\/revisions"}],"predecessor-version":[{"id":8724,"href":"https:\/\/oberig-it.com\/en\/wp-json\/wp\/v2\/posts\/8722\/revisions\/8724"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/oberig-it.com\/en\/wp-json\/wp\/v2\/media\/8262"}],"wp:attachment":[{"href":"https:\/\/oberig-it.com\/en\/wp-json\/wp\/v2\/media?parent=8722"}],"wp:term":[{"taxonomy":"category","embeddable"
:true,"href":"https:\/\/oberig-it.com\/en\/wp-json\/wp\/v2\/categories?post=8722"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/oberig-it.com\/en\/wp-json\/wp\/v2\/tags?post=8722"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}