Patch GoAnywhere MFT Software Now
If you are still running vulnerable GoAnywhere MFT software, patching now isn't going to fix your problem. This vulnerability has been known, and publicly discussed, for a while now. If you are still not patched: Go straight to incident response and do not waste time patching first.
Many disclosures include notification that they are no-longer using the GoAnywhere file transfer service. If you are using GoAnywhere MFT software, make sure it's updated. File transfer services as well as API gateways have become increasingly prevalent with the increased use of cloud and outsourced services. Make sure that you know what services are used for these communications and that you've not only secured them, but watch for changes in that security.
The underlying attack utilized a zero-day exploit. ‘Zero days’ are next to impossible to defend against until the vendor issues a patch, which it did within a week. Now it is up to users of the software to escalate remediation as part of their patch management process. It often comes down to a race between the evil-doer to exploit and, the target to protect themselves by patching.
The GoAnywhere software we wrote about a few weeks ago is popping up again as more companies get hit with this vulnerability. We haven’t seen this system in use in many of the orgs we have tested, but then again, our view of the total install base would be fairly small. It is commercial software sold by Fortra, and you would imagine it would have been sold to several companies.
Read more in
Security Week: GoAnywhere Zero-Day Attack Hits Major Orgs