The developers of the GoAnywhere MFT (managed file transfer) solution warned clients about a zero-day remote code execution vulnerability on exposed administrator consoles. GoAnywhere, a secure web file transfer solution, enables companies to securely transfer encrypted files to partners while maintaining detailed audit logs of who accessed the files. The security advisory by GoAnywhere was first made public by a reporter who shared a copy on Mastodon. According to a client who received the message, it affected both the on-premises and SaaS deployments of GoAnywhere. However, this couldn’t be independently confirmed at the time. The security advisory explained that the exploit requires access to the administrative console, which shouldn’t ordinarily be exposed to the internet. The GoAnywhere security advisory warned that a Zero-Day Remote Code Injection exploit was discovered in GoAnywhere MFT.
The exploit’s attack vector involves access to the application’s administrative console, which is often only accessible from within a company’s private network, through a VPN, or from allow-listed IP addresses (when running in cloud environments such as Azure or AWS). Because there are currently no available patches for the zero-day vulnerability, administrators are advised to take the following mitigation:
No other mitigation is available because the vendor has not yet released a security update. The vendor’s SaaS solution has been temporarily shut down until the issue has been resolved. Administrators also need to audit their installations, which includes:
A security professional conducted a Shodan scan to identify how many GoAnywhere instances were exposed on the internet and discovered 1,008 servers, mostly in the United States. However, the admin consoles use ports 8000 and 8001, and only 151 instances exposed those ports. Even though the attack surface appeared to be limited, large companies used the product to transfer sensitive files with their partners. Local governments, healthcare companies, banks, energy companies, financial services companies, museums, and computer manufacturers used the GoAnywhere file transfer solution. A single breach exploiting GoAnywhere MFT’s zero-day flaw can expose sensitive data that can be used for extortion. A similar scenario was witnessed in the Clop ransomware group’s 2021 Accellion FTA (File Transfer Appliance) breaches, which damaged numerous high-profile global companies.
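To check your own deployment against the exposure described above, the following added example (not taken from the GoAnywhere advisory or from SpearTip) reviews ingress rules for anything that opens admin console ports 8000 or 8001 to a source outside private ranges or an explicit allow-list. The rule format, the rule names and the sample addresses are constructed for illustration, and treating RFC 1918 space as "private" is an assumption you should adapt to your network.

```python
import ipaddress

ADMIN_PORTS = (8000, 8001)  # admin console ports named in the article
RFC1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]  # assumed "private"

def _covered(source, trusted):
    """True if `source` lies entirely inside one trusted network."""
    return any(source.version == t.version and source.subnet_of(t)
               for t in trusted)

def exposed_admin_rules(rules, allowlist=()):
    """Return (rule name, admin ports) for each ingress rule that opens an
    admin port to a source outside private ranges and the allow-list."""
    trusted = [ipaddress.ip_network(c) for c in list(RFC1918) + list(allowlist)]
    findings = []
    for rule in rules:
        # A wide port range can cover the admin ports without naming them.
        ports = [p for p in ADMIN_PORTS
                 if rule["from_port"] <= p <= rule["to_port"]]
        if not ports:
            continue
        source = ipaddress.ip_network(rule["cidr"], strict=False)
        if not _covered(source, trusted):
            findings.append((rule["name"], ports))
    return findings

# Constructed sample rules using documentation address ranges, not real data.
SAMPLE_RULES = [
    {"name": "https-public", "cidr": "0.0.0.0/0", "from_port": 443, "to_port": 443},
    {"name": "admin-vpn", "cidr": "10.8.0.0/24", "from_port": 8000, "to_port": 8001},
    {"name": "admin-partner", "cidr": "203.0.113.10/32", "from_port": 8000, "to_port": 8000},
    {"name": "wide-range", "cidr": "0.0.0.0/0", "from_port": 7000, "to_port": 9000},
    {"name": "admin-v6-any", "cidr": "::/0", "from_port": 8001, "to_port": 8001},
    {"name": "admin-unknown", "cidr": "198.51.100.0/24", "from_port": 8001, "to_port": 8001},
]

if __name__ == "__main__":
    hits = exposed_admin_rules(SAMPLE_RULES, allowlist=["203.0.113.10/32"])
    for name, ports in hits:
        print(f"REVIEW {name}: admin port(s) {ports} open to untrusted source")
```

Export your firewall or cloud security group rules into this shape and run the check after every rule change, not only during an incident.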
With new and current vulnerabilities being exposed by threat operators to use in their extortion schemes, it’s important for high-profile companies to always remain alert to the latest threat landscape and regularly update security patches on their software. At SpearTip, our engineers examine companies’ security postures to improve the weak points within their networks. Additionally, our team engages with companies’ people, processes, and technology to truly measure the maturity of the technical environments. For all the vulnerabilities our engineers uncover, they will provide companies with a technical roadmap ensuring they have the awareness and support to optimize their overall cybersecurity posture. SpearTip discovers blind spots within companies that can lead to significant compromises and goes beyond simple compliance frameworks and examines daily cyber function within companies.