Ransom-seeking hackers have set their sights on managed file transfer (MFT) software, aiming to exploit the valuable data exchanged between organizations and their partners for lucrative payouts.
Governments and companies worldwide are grappling with the aftermath of a recent widespread compromise that targeted Progress Software’s MOVEit Transfer product. In 2021, hackers exploited Accellion’s File Transfer Appliance, and earlier this year, Fortra’s GoAnywhere MFT was compromised, resulting in data theft from over 100 companies.
But what exactly is MFT software, and why are hackers so determined to exploit it?
MFT software, such as FTA, GoAnywhere MFT, and MOVEit Transfer, are enterprise-level counterparts to consumer file-sharing platforms like Dropbox or WeTransfer. MFT software offers features like automated data movement, scalable document transfer, and granular access control.
While consumer programs are suitable for sharing files among individuals, MFT software is designed specifically for exchanging data between systems. According to James Lewis, Managing Director of UK-based Pro2col, which specializes in MFT consulting, “Dropbox and WeTransfer don’t provide the workflow automation that MFT software can.”
MFT programs have become enticing targets for hackers due to their vulnerability compared to well-defended corporate systems. Instead of facing the challenges of breaching a fortified corporation, exploiting an MFT program, typically connected to the open internet, is more like robbing a convenience store, as explained by Recorded Future analyst Allan Liska. The data is readily accessible, making it a tempting opportunity for attackers.
The tactics employed by hackers are also evolving. While traditional ransomware groups encrypt a company’s network and demand payment for decryption or threaten to leak the data, some groups are now shifting towards pure extortion without encryption. Allan Liska stated, “a lot of ransomware groups want to move away from encrypt-and-extort to just extort.” Joe Slowik, a manager at cybersecurity company Huntress, finds this transition to be a potentially clever move, avoiding the attention of law enforcement.
In summary, the rise of ransom-seeking hackers targeting MFT software has raised concerns among governments and organizations globally. The unique features and accessibility of MFT applications make them lucrative targets for attackers, prompting the need for enhanced security measures to protect sensitive data.
(Note: The content has been rewritten with improved grammar, sentence structure, and SEO optimization while maintaining the essence and meaning of the original text.)
Denial of responsibility! TechCodex is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, and all materials to their authors. For any complaint, please reach us at – [email protected]. We will take necessary action within 24 hours.
Alex Smith is a writer and editor with over 10 years of experience. He has written extensively on a variety of topics, including technology, business, and personal finance. His work has been published in a number of magazines and newspapers, and he is also the author of two books. Alex is passionate about helping people learn and grow, and he believes that writing is a powerful tool for communication and understanding.
