Hackers Exploit Flaw in Popular File Transfer Tools for Mass Attacks

Cybersecurity experts are raising alarms about hackers actively exploiting a critical vulnerability in widely used file transfer tools. This vulnerability, identified as CVE-2024-50623, impacts software developed by Cleo, an Illinois-based enterprise software provider. Cleo's tools (LexiCom, VLTransfer, and Harmony) are popular among businesses for managing secure file transfers, making them an attractive target for cybercriminals.

Cleo first disclosed the flaw in a security advisory on October 30, 2024, warning that it could allow attackers to execute remote code on affected systems. While Cleo promptly released a patch, cybersecurity firm Huntress later revealed that the patch was insufficient to mitigate the vulnerability.

According to John Hammond, a security researcher at Huntress, cybercriminals began exploiting the flaw on December 3, 2024, targeting vulnerable servers on a large scale. Hammond stated, "We've observed attackers exploiting this software en masse, compromising at least 24 businesses so far." These organizations include consumer product companies, logistics firms, and food suppliers, emphasizing the diverse impact of these attacks.

Publicly accessible data from Shodan, a search engine for internet-connected devices, shows hundreds of vulnerable Cleo servers, with the majority located in the United States. Huntress, which safeguards more than 1,700 Cleo servers, warns that many more organizations could still be at risk.

Nature of the Threat

While the exact identity of the attackers remains unknown, Huntress has detected suspicious "post-exploitation activity" on compromised systems. This raises concerns about potential data breaches or further malicious actions.

Jorge Rodriguez, Cleo's Senior Vice President of Product Development, acknowledged the critical nature of the flaw and confirmed that a more robust patch is currently under development. However, Rodriguez declined to disclose how many customers had been affected or whether data exfiltration had occurred.

Huntress advises Cleo customers to take immediate precautions, such as moving any internet-facing systems behind a firewall, until a comprehensive fix is available.

Enterprise Tools: A Lucrative Target

Enterprise file transfer tools like Cleo's are frequently targeted by cybercriminals due to their widespread use in managing sensitive business data. This incident is reminiscent of past exploits by the Clop ransomware gang, a Russia-linked group that previously targeted vulnerabilities in Progress Software's MOVEit Transfer and Fortra's GoAnywhere managed file transfer solutions. These attacks affected thousands of organizations worldwide, highlighting the significant risks posed by flaws in enterprise software.

Lessons for Enterprises

This incident underscores the importance of robust cybersecurity practices, particularly for organizations relying on file transfer solutions. Businesses need to:

  • Regularly update and patch software.
  • Limit public exposure of critical systems by placing them behind firewalls.
  • Monitor systems for suspicious activity to detect and mitigate breaches early.

As hackers continue to exploit vulnerabilities in enterprise tools, proactive measures are crucial to safeguarding sensitive data and maintaining operational security. Until a reliable patch is released, Cleo customers must remain vigilant to avoid becoming the next victim in this growing wave of cyberattacks.

Onsa Mustafa

Onsa is a Software Engineer and a tech blogger who focuses on providing the latest information regarding the innovations happening in the IT world. She likes reading, photography, travelling and exploring nature.
