Business Infrastructure Under Siege as Cybercriminals Target Data Transfer Points

The cornerstones of modern businesses are under attack.

With the news Monday (Dec. 9) that cybercriminals, alleged to be from the ransomware group Termite, are exploiting a security flaw that affects Cleo’s LexiCom, VLTransfer and Harmony enterprise file transfer tools, securing critical business infrastructure that handles sensitive data has become an urgent need.

Enterprise file transfer tools are designed to securely and efficiently transfer large volumes of data across systems, networks and organizations. These tools are essential for businesses that handle sensitive information or need to comply with regulatory requirements.

The software vulnerability at the heart of the Cleo cyber incident, CVE-2024-50623, allows unauthenticated remote code execution, essentially giving attackers complete control over affected systems. Per the report from the security firm Huntress, at least 10 Cleo customers are believed to be compromised as a result.

The attack on the company’s enterprise solutions comes just weeks after Termite executed a separate ransomware attack against supply chain management software provider Blue Yonder. The November strike disrupted Blue Yonder customers’ operations, including those at Starbucks and U.K. grocery chain Morrisons.

The surge in cyberattacks targeting enterprise operations highlights a shift in how hackers approach their targets. Rather than casting wide nets through ransomware campaigns, cybercriminal groups are focusing on critical infrastructure that serves as the backbone of corporate data exchange.

Latest B2B Cyberthreat

Critical business infrastructure, especially the many elements of it exposed to the internet, is an attractive target for attackers. That makes prevention and a multifaceted defense critical. By understanding the vulnerabilities of enterprise software tools and implementing security measures, businesses can protect their data and mitigate the risks associated with data breaches.

In the Cleo incident, several factors were at play. First, enterprise file transfer tools often have extensive permissions and access rights across networks. Second, these systems typically handle large volumes of sensitive data, making them attractive targets for extortion attempts. Third, many organizations rely on legacy file transfer infrastructure that may not receive regular security updates.

Cleo did not immediately reply to PYMNTS’ request for comment.

Cybercriminals, with the help of technologies like artificial intelligence (AI), are becoming adept at identifying chokepoints in business operations and exploiting them. File transfer systems are perfect targets: They’re essential for daily operations, they handle valuable data, and they’re often overlooked in security modernization efforts.

As organizations rely more on digital infrastructure for their operations, observers believe that attacks targeting their systems are likely to continue.

Within the banking sector specifically, the PYMNTS Intelligence report “The State of Fraud and Financial Crime in the U.S.: What FIs Need to Know” found that 76% of financial institutions (FIs) plan to implement or upgrade fraud detection systems, up from 49% in 2023. However, at the same time, 83% of FIs cited cost as a barrier to upgrading.

And as AI becomes more prevalent, data security will become more critical.

“Companies and enterprises are increasingly facing a dilemma between how much they want to leverage their data versus how much they want to keep it secure and protected,” Pyte CEO and Founder Sadegh Riazi told PYMNTS in June.

Double-Edged Sword

In interviews for the “What’s Next in Payments” series, a panel of executives explained to PYMNTS that a multilayered security strategy, also known as defense in depth, reduces risks at various levels. 

For businesses, the message is clear: Securing any infrastructure that touches data needs to become a top priority in cybersecurity planning. This includes regular security audits, patching, monitoring, and developing incident response plans.