Emily Austin

Managed File Transfer or Miscreants’ Favorite Target? An internet-wide study of MFT exposures

Managed file transfer (MFT) tools are a popular, user-friendly evolution of FTP, facilitating data sharing between and within organizations. In 2021, Businesswire reported projected growth of the MFT market to $2.4 billion by 2027, further emphasizing how organizations have come to rely on these tools. While companies of all sizes may have a need for user-friendly file sharing, MFT tools tend to be geared toward enterprise organizations in highly regulated industries (e.g., finance, healthcare).

As the tech industry provides software and tooling to facilitate work, we often inadvertently provide new targets for threat actors, and MFT is no exception. In the first half of 2023 alone, we’ve seen a series of high-profile attacks against file transfer software including GoAnywhere, Faspex, and MOVEit.

In this talk, we’ll begin by exploring a timeline of attacks against file transfer software. We’ll discuss the Clop ransomware and extortion group, along with their attacks against tools like GoAnywhere and MOVEit. Specifically, we’ll examine exposure of these tools prior to and during the attack time frame, along with a look at affected industries and networks.

We’ll then examine the state of additional file transfer tool exposures across the internet to better understand potential impact of attacks against such tools. The recent string of attacks against this category of software, combined with how widespread they are across the internet, suggests that we may see more attacks of this kind in the near future. In closing, we’ll discuss implications of the rise of MFT software for companies and consumers.

Emily leads the security research team at Censys, where she and her team study security threats and other interesting internet phenomena. Previously, she was a security engineer focused on threat hunting, detection, and incident response. She is interested in the application of data science and analytics techniques to problems in security, and in the past has worked on projects related to anti-abuse, fraud, and malicious web app traffic detection.