Explained: How the MOVEit breach shows hackers’ interest in file transfer tools

Hackers seeking ransom have turned an increasingly greedy eye to the world of managed file transfer (MFT) software, plundering sensitive data being exchanged between organizations and their partners in order to win large payouts.

Governments and companies globally are scrambling to deal with the consequences of a massive settlement made public on Thursday that was linked to Progress Software’s MOVEit Transfer product. Accellion’s file transfer appliance was exploited by hackers in 2021, and earlier this year Fortra’s GoAnywhere MFT was compromised to steal data from more than 100 companies.

So what is MFT software? And why are hackers so eager to destroy it?

Corporate Dropbox

FTA, GoAnywhere MFT, and MOVEit Transfer are corporate versions of file sharing programs that consumers use all the time, such as Dropbox or WeTransfer. MFT software often promises the ability to automate the movement of data, transfer documents in bulk, and provide fine-grained control over who has access to what.

Consumer programs may be fine for exchanging files between people, but MFT software is what you want for exchanging data between systems, said James Lewis, managing director of UK-based Pro2col, which works on such systems.

“Dropbox and WeTransfer don’t provide the workflow automation that MFT software can,” he said.

MFT programs can be attractive targets

It is difficult enough to run an extortion campaign against a well-defended corporation, said Allan Liska, an analyst at Recorded Future. Hackers need to gain a foothold, navigate through their victim’s network and exfiltrate data – all while remaining undetected.

In contrast, breaking into an MFT program – which usually faces the open internet – was something like knocking over a convenience store, he said.

“If you can get to one of these file transfer points, all the data is right there. Wham. Bam. You go in. You go out.”

Hacker tactics are changing

Scooping up data is becoming an increasingly important part of the way hackers operate.

Typical digital extortionists still encrypt a company’s network and demand payment to open it. They may also threaten to leak data in an attempt to exert pressure. But some are now giving up on the nitty-gritty business of encrypting the data in the first place.

“A lot of ransomware groups want to move away from encrypt-and-extort,” Liska said.

Joe Slowik, a manager at cyber security company Huntress, said switching to pure extortion was a “potentially smart move”.

“It avoids the disruptive element of these incidents that attract the attention of law enforcement,” he said.

© Thomson Reuters 2023

