Mass Hacks on the Rise: Hackers Exploit Critical Vulnerability in Popular File Transfer Tools
A high-risk vulnerability in a widely used file transfer technology is being actively exploited by hackers to launch mass hacks. The vulnerability, identified as CVE-2024-50623, affects software developed by Cleo, a leading enterprise software company.
According to security researchers at Huntress, a cybersecurity company, the flaw was first disclosed by Cleo in a security advisory on October 30. The advisory warned that exploitation of the vulnerability could lead to remote code execution. The affected software includes Cleo’s LexiCom, VLTransfer, and Harmony tools, which are commonly used by enterprises to manage file transfers.
Although Cleo released a patch for the vulnerability in October, Huntress has warned that the patch does not mitigate the software flaw. As a result, hackers are actively exploiting the vulnerability to compromise vulnerable systems.
Huntress has observed threat actors exploiting the software en masse since December 3. The company has discovered at least 24 businesses whose servers were compromised, including various consumer product companies, logistics and shipping organizations, and food suppliers.
Shodan, a search engine for internet-exposed devices and databases, lists hundreds of vulnerable Cleo servers, the majority of them located in the U.S. Cleo has over 4,200 customers, including prominent companies such as Illumina, New Balance, and Portable.
Huntress has not yet identified the threat actor behind these attacks, and it is unclear whether any data has been stolen from impacted Cleo customers. However, the company has observed hackers carrying out post-exploitation activity on systems they had compromised.
In response to the attacks, Huntress recommends that Cleo customers move any internet-exposed systems behind a firewall until a new patch is released. Cleo has confirmed that a patch for the critical vulnerability is under development.
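As an added illustration of the interim mitigation Huntress describes, the ruleset below (written for this page; it is not configuration from Cleo, Huntress or the article) shows a default-deny inbound policy on a Linux host fronting a file transfer server, admitting the service only from an allowlist of known trading-partner networks. The port numbers, interface name and address ranges are placeholders and do not reflect what any Cleo product actually listens on; substitute the ports and partner ranges from your own deployment.

```nftables
#!/usr/sbin/nft -f
# Added example: default-deny inbound policy for a host in front of a
# managed file transfer (MFT) server. Ports, interface and address ranges
# are placeholders (RFC 5737 TEST-NET ranges), not values from the article.
flush ruleset

define MFT_PORTS    = { 8080, 8443 }                    # placeholder: the service's real listening ports
define PARTNER_NETS = { 203.0.113.0/24, 198.51.100.0/24 } # placeholder: trading partners allowed to connect
define MGMT_NET     = 192.0.2.0/24                      # placeholder: internal administration network

table inet mft_filter {
    chain input {
        # Anything not explicitly accepted below is dropped.
        type filter hook input priority 0; policy drop;

        # Loopback and replies to connections the host itself initiated.
        iifname "lo" accept
        ct state established,related accept
        ct state invalid drop

        # Basic reachability and IPv6 neighbour discovery.
        icmp type echo-request limit rate 5/second accept
        icmpv6 type { echo-request, nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept

        # The file transfer service is reachable only from the partner allowlist.
        ip saddr $PARTNER_NETS tcp dport $MFT_PORTS ct state new accept

        # Administrative access (SSH) only from the internal management network.
        ip saddr $MGMT_NET tcp dport 22 ct state new accept

        # Connection attempts to the service port from anywhere else are logged
        # (rate-limited so a scan cannot flood the log) and then dropped; attempts
        # above the rate limit still fall through to the chain's drop policy.
        tcp dport $MFT_PORTS ct state new limit rate 10/minute log prefix "mft-blocked: " drop
    }
}
```

Load it with `nft -f /etc/nftables.conf` and confirm the result with `nft list ruleset`. The log prefix gives the security operations team a single string to alert on for unexpected connection attempts against the service port. An allowlist of this kind has to be maintained as partners change, and it only limits who can reach the vulnerable service; it is a stopgap until the vendor's fixed release is installed, not a replacement for it.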
The exploitation of vulnerabilities in enterprise file transfer tools is a growing concern. Last year, the Russia-linked Clop ransomware gang claimed thousands of victims by exploiting a zero-day vulnerability in Progress Software’s MOVEit Transfer product. The same gang had previously taken credit for the mass exploitation of a vulnerability in Fortra’s GoAnywhere managed file transfer software, which was used to target over 130 organizations.
To protect against attacks of this kind, organizations should treat file transfer infrastructure as a high-value target: apply vendor patches and updates as soon as they become available, limit which systems are reachable from the internet, and put monitoring in place to detect and block exploitation attempts.