
Nearly 800 GoAnywhere instances are unpatched, exposed to critical CVE

Although patching lags, the number of hosts with publicly exposed and vulnerable admin interfaces is limited.



Dive Brief:
  • Nearly 800 instances of Fortra’s GoAnywhere MFT remain unpatched and potentially exposed to a critical vulnerability disclosed earlier this week, according to Shadowserver data published Friday.
  • While many instances of the file-transfer service remain unpatched, fewer than 30 are vulnerable to exploits because their admin panel is exposed on the public internet, Shadowserver said. Remote access to the administration panel is required for threat actors to exploit the critical authentication bypass vulnerability, CVE-2024-0204.
  • Fortra released a patch for the vulnerability on Dec. 7, but didn’t publicly disclose the vulnerability, which carries a CVSS score of 9.8, until this week.

Dive Insight:
GoAnywhere is used by more than 3,000 organizations, but active exploits and widespread exposure from the latest CVE in the file-transfer service have yet to materialize.

The critical vulnerability quickly caught the attention of threat hunters and defenders, as multiple file-transfer services, including GoAnywhere, were broadly targeted in 2023. A zero-day vulnerability in GoAnywhere was widely exploited by the Clop ransomware group in early 2023.

Censys on Wednesday observed nearly 170 hosts with publicly exposed GoAnywhere admin interfaces, but said it’s unclear how many are vulnerable to exploits.

“Although this isn’t the most extensive level of exposure we’ve encountered, it does raise concerns given the nature of the data stored in these instances,” Himaja Motheram, security researcher at Censys, said in a blog post. “The relatively small number of hosts belies the potential damage that could occur with just one compromise.”

The majority of GoAnywhere MFT admin interfaces running on default port settings are hosted in the U.S., according to Censys. More than 3 in 5 of those publicly exposed instances are hosted on cloud networks operated by Amazon, Microsoft and Google. 

“We expect to see a rise in scanning and compromise of exposed unpatched GoAnywhere MFT instances,” Motheram said. “Patching immediately is crucial.”


This post first appeared on EHackNews - The Hackers News, please read the original post: here
