ARTICLE
3 January 2025

Data Security Risk Due To File-Transfer Software Vulnerabilities

Miller Thomson LLP

Contributor

Miller Thomson LLP (“Miller Thomson”) is a national business law firm with approximately 500 lawyers across 5 provinces in Canada. The firm offers a full range of services in litigation and disputes, and provides business law expertise in mergers and acquisitions, corporate finance and securities, financial services, tax, restructuring and insolvency, trade, real estate, labour and employment as well as a host of other specialty areas. Clients rely on Miller Thomson lawyers to provide practical advice and exceptional value. Miller Thomson offices are located in Vancouver, Calgary, Edmonton, Regina, Saskatoon, London, Waterloo Region, Toronto, Vaughan and Montréal. For more information, visit millerthomson.com. Follow us on X and LinkedIn to read our insights on the latest legal and business developments.

Data and personal information shared through a third-party file transfer system is potentially at risk, according to recent alerts issued by the Canadian Centre for Cyber Security and the U.S. Cybersecurity and Infrastructure Security Agency.[1]

In cases where data is compromised, for example, via ransomware attacks, the ultimate accountability and responsibility for the data lies with the organization that has custody and control of the data. This means organizations that use these third-party tools remain accountable to the individuals to whom the personal information pertains, including for potential legal notifications.

Discovered zero-day vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency has reported the discovery of serious vulnerabilities in Cleo's managed file transfer platforms, including Cleo Harmony, VLTrader, and LexiCom.[2] These widely used platforms for secure file exchanges have been actively exploited by cybercriminals, including the Clop ransomware gang. The vulnerabilities, identified as CVE-2024-50623 and CVE-2024-55956, enable unauthorized access to sensitive data, resulting in breaches and data theft.[3]

Vulnerabilities and exploits

  1. CVE-2024-50623: This flaw, disclosed in October 2024, enables unrestricted file uploads and downloads, allowing remote code execution. Despite a patch, attackers continue exploiting it via a backdoor.
  2. CVE-2024-55956: Discovered in December 2024, this vulnerability allows attackers to upload arbitrary files, including a Java backdoor ("Malichus"), enabling data theft and further access to compromised networks.

Both vulnerabilities are being actively targeted by the Clop ransomware gang, posing a serious risk due to their high level of severity.[4]

Immediate actions to take

  1. Update Your Systems: Ensure that you are using the latest versions of Cleo Harmony, VLTrader, and LexiCom (version 5.8.0.24 or higher).[5]
  2. Monitor for Signs of Compromise: Be vigilant for unusual activities within your network, such as unexplained file uploads or changes in file integrity.
  3. Assess Vendor Risk: If your vendors use Cleo products, it is crucial to confirm that they have applied the necessary patches and are actively monitoring their systems for signs of attack. Ensure that your third-party risk management processes include checks on vendor cybersecurity practices.[6]
  4. Review Data Access Protocols: Implement stricter access controls and enable multi-factor authentication (MFA).
  5. Consult with Experts: Contact your cybersecurity team if you suspect a breach.
  6. Prepare for Ransomware Protection: Regularly test backups and review your incident response plan.
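
For teams putting steps 1 and 2 into practice, the following is an added example (not part of the original article and not Cleo's own tooling) that flags hosts running a listed product below version 5.8.0.24 and compares a directory against a hash baseline to surface unexplained new or changed files. The inventory format, host names and directory layout are assumptions made for illustration.

```python
import hashlib
from pathlib import Path

MIN_PATCHED = (5, 8, 0, 24)  # minimum version named in the article
PRODUCTS = {"harmony", "vltrader", "lexicom"}

def parse_version(text):
    """'5.8.0.21' -> (5, 8, 0, 21); short versions are zero-padded to four parts."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def needs_update(inventory):
    """Return hosts running a listed product below MIN_PATCHED or with an unreadable version."""
    flagged = []
    for host, product, version in inventory:
        if product.lower() not in PRODUCTS:
            continue
        try:
            outdated = parse_version(version) < MIN_PATCHED
        except ValueError:
            outdated = True  # unknown version: treat as unpatched until confirmed
        if outdated:
            flagged.append(host)
    return flagged

def snapshot(root):
    """Map each file under root (relative path) to its SHA-256 digest."""
    root = Path(root)
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def diff_snapshots(baseline, current):
    """Report files added, modified or removed since the baseline snapshot."""
    shared = baseline.keys() & current.keys()
    return {
        "added": sorted(set(current) - set(baseline)),
        "modified": sorted(f for f in shared if baseline[f] != current[f]),
        "removed": sorted(set(baseline) - set(current)),
    }

# Constructed sample inventory: (host, product, reported version). Hypothetical hosts.
SAMPLE_INVENTORY = [
    ("mft-01", "Harmony", "5.8.0.21"),
    ("mft-02", "VLTrader", "5.8.0.24"),
    ("mft-03", "LexiCom", "5.7"),
    ("mft-04", "LexiCom", "unknown"),
    ("web-01", "OtherApp", "1.0"),
]

if __name__ == "__main__":
    print("Hosts needing update:", needs_update(SAMPLE_INVENTORY))
```

Take the baseline snapshot from a known-good state and store it off the host, so that a compromised server cannot rewrite its own baseline.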

Conclusion

The exploitation of these vulnerabilities poses a critical data security threat. Implement the necessary updates and security practices to protect your organization from potential breaches.

If you have any questions or would like further information regarding how your organization can enhance its cybersecurity and data protection strategies, please contact a member of the Miller Thomson LLP Technology, IP and Privacy Group.

Footnotes

1. Canadian Centre for Cyber Security, "Alert – Vulnerability impacting all versions of Cleo VLTrader, Harmony, and LexiCom software" (December 11, 2024), online: Government of Canada www.cyber.gc.ca. See also Lawrence Abrams, "Clop ransomware claims responsibility for Cleo data theft attacks" (December 15, 2024), online: BleepingComputer www.bleepingcomputer.com.

2. Mathew J Schwartz, "Clop Ransomware Takes Responsibility for Cleo Mass Exploits" (December 16, 2024), online: Gov Info Security www.govinfosecurity.com.

3. Scott T Lashway et al., "Patch, Investigate, and Defend: Critical and High Vulnerabilities in Cleo Managed File Transfer Solutions Reportedly Under Attack" (December 17, 2024), online: National Law Review natlawreview.com.

4. Ibid.

5. Scott T Lashway et al., supra note 3.

6. Ibid.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
