Cybersecurity Breaches for Payment Industry (Billtrust & Fiserv)
Rapid7's full technical analysis of the exploit chain for CVE-2023-34362: https://attackerkb.com/topics/mXmV0YpC3W/cve-2023-34362/rapid7-analysis?referrer=etrblog
A strong IOC may be present in the log file C:\MOVEitTransfer\Logs\DMZ_WebApi.log
Ref 1 MOVEit Transfer Critical Vulnerability (May 2023) (CVE-2023-34362) https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023
Ref 2 Rapid7 Observed Exploitation of Critical MOVEit Transfer Vulnerability https://www.rapid7.com/blog/post/2023/06/01/rapid7-observed-exploitation-of-critical-moveit-transfer-vulnerability/
Ref 3 MOVEit Transfer Critical Vulnerability CVE-2023-34362 Rapid Response https://www.huntress.com/blog/moveit-transfer-critical-vulnerability-rapid-response
Ref 4 AttackerKB CVE-2023-34362 https://attackerkb.com/topics/mXmV0YpC3W/cve-2023-34362/rapid7-analysis?referrer=search
- Identify unused IAM roles with AWS Config and remove them regularly
- Identify unnecessary permissions on other resources and review them regularly
- Privileged Access Management (CyberArk PAM) for machine-level access control
- Assess security measures in place against OWASP Principles of Security
- Assess design against Baseline Security Assessment on AWS
- Identify attack vectors (if any) with reference to OWASP Top Ten, SANS Top 25 and OWASP Application Security Verification Standard (ASVS) Level 3
- Prioritize threats in team discussion with reference to OWASP Risk Rating and business & technical context
- Threagile: threat modelling diagrams and report generator
- PenTestGPT – an interactive pentest tool (identification) that supports any LLM
- Data breach = Loss of $180 per record with PII
NIST CSF 2.0 – A Canadian Perspective by Bradley J. Freedman https://cybersecuritylaw.ca/home/2023/10/22/nist-cybersecurity-framework-20-a-canadian-perspective
NIST Cybersecurity and Privacy Reference Tool: CPRT