Surge in MOVEit Transfer Scanning Activity: Security Experts Urge Vigilance Amid Threat Concerns

Surge in MOVEit Transfer Scanning Activity Raises Security Concerns

A significant spike in scanning activity targeting MOVEit Transfer systems has security experts on high alert: the number of IPs scanning per day jumped from fewer than 10 to over 300 within a 24-hour period starting May 27, 2025. Since that jump, the rate has held steady at 200-300 unique IPs per day, suggesting potential emerging threat activity. Organizations should prioritize implementing a comprehensive data breach response strategy to protect sensitive information.

Security Experts Urge Vigilance

"While this increased scanning activity warrants monitoring, it doesn't necessarily indicate imminent widespread exploitation," explains Shane Barney, Chief Information Security Officer at Keeper Security. "However, given MOVEit's history of large-scale exploitation, organizations must remain vigilant."

The surge comes at a time when artificial intelligence is enabling threat actors to launch more sophisticated and rapid attacks. Security teams are being advised to strengthen their core defense strategies, including:

  • Establishing zero-trust architecture
  • Managing privileged access
  • Implementing real-time threat detection
  • Maintaining up-to-date software patches

Exploitation Attempts Target Known Vulnerabilities

On June 12, 2025, security researchers confirmed exploitation attempts involving two previously disclosed vulnerabilities: CVE-2023-34362 and CVE-2023-36934. Understanding various types of malware and their attack vectors is crucial for protecting against these threats.

Nivedita Murthy, Senior Staff Consultant at Black Duck, emphasizes the critical nature of these developments: "Attackers are specifically targeting outdated versions of MOVEit Transfer, highlighting the crucial importance of regular software updates and patch management."

Comprehensive Defense Strategy

Organizations can protect themselves by implementing robust anti-malware protection and security measures, including:

  • Conducting regular software inventory using SCA tools
  • Implementing robust authentication and authorization controls
  • Maintaining accurate Software Bills of Materials (SBOMs)
  • Regularly scanning software inventory for potential risks

Enhanced Monitoring Protocols

Security teams should implement enhanced monitoring protocols, including:

  • Real-time network traffic analysis
  • Automated vulnerability scanning
  • Continuous system health monitoring
  • Regular security audits

For additional information about MOVEit Transfer vulnerabilities, visit the CISA Advisory Database.

Incident Response Preparation

IT administrators should:

  • Immediately audit MOVEit Transfer installations
  • Update all systems with the latest security patches
  • Review and update incident response procedures
  • Document and test recovery processes