How File Transfer Software Became the #1 Third-Party Breach Vector

Why File Transfer Software Is a Growing Target

File transfer tools are essential for business operations. They enable organizations to exchange data securely with vendors, partners, and customers. But their growing complexity—and their position at the intersection of multiple networks—makes them a prime target for attackers.

SecurityScorecard’s 2025 Global Third-Party Breach Report revealed that file transfer software was the most exploited vector in third-party breaches over the past year. That accounts for 14% of all third-party breaches. This narrowly focused exploitation underscores how these seemingly routine systems have become critical liabilities for any organization looking to bolster their security posture.

Here is what security leaders need to know about file transfer software in 2025 to manage cyber risks.

How File Transfer Tools Introduce Third-Party Risk

Two large-scale incidents demonstrate the devastating potential of file transfer vulnerabilities:

1. MOVEit:

Attackers exploited a zero-day vulnerability in Progress Software’s MOVEit file transfer tool, which thousands of organizations use around the globe. The zero-day enabled compromise of hundreds or thousands of organizations globally.

The attack leveraged an SQL injection flaw (CVE-2023-34362), enabling exfiltration of sensitive data from high-profile targets.

2. Cleo Software (2024):

The C10p ransomware group launched a coordinated attack exploiting two vulnerabilities—CVE-2024-50623 and CVE-2024-55956—in Cleo tools. Just these two campaigns accounted for 63.5% of all vulnerability-driven third-party breaches, according to SecurityScorecard’s research.

These cases illustrate a key pattern to incorporate into risk mitigation strategies: Attackers target widely deployed tools with high interconnectivity, as they will always look for the path of least resistance. A single exploit provides access to hundreds of downstream organizations.

C10p in particular has been especially prolific in this space. The hacking group was responsible for 41.5% of attributable third-party breaches due in part to its exploitation of file transfer vulnerabilities.

Why File Transfer Software Is a Breach Multiplier

1. Broad Deployment:

These tools are used across industries, including finance, healthcare, government, and more. Once an exploit is known, attackers can automate discovery and replication at scale with sweeping impact.

2. Trusted Positioning:

Vendors using file transfer tools may have elevated access to sensitive data. When these tools are compromised, attackers can bypass perimeter defenses entirely.

3. Visibility Gaps:

Many organizations lack direct visibility into which vendors are running specific file transfer tools, or how securely those tools are configured.

When vulnerabilities arise in these tools, the combination of widespread use, elevated privileges, and limited oversight can turn a single exploit into a multi-organization incident.

Other tools that play similarly common roles in third-party breaches include cloud products and services, which together make up the second-most common source of third-party breaches in 2025.

Risk Indicators to Watch For

If your vendors use file transfer software, monitor for red flags, such as:

• Poor patching cadence or manual patching processes with long lag times
• Legacy tools no longer in use
• No multi-factor authentication (MFA) requirements
• Shared credentials across multiple external partners

Impact Across Sectors

According to the 2025 SecurityScorecard Global Third-Party Breach Report:

• File transfer software was the #1 enabler of third-party breaches
• Attackers were more interested in tools that spanned sectors, rather than those specific to just retail, logistics, financial services, or critical infrastructure. Cross-sector tools were four times more commonly exploited than sector-specific tools. Maximum reach is the goal.
• Supply chain concentration risk became a central concern, as many vendors used the same vulnerable tools

The cascading nature of these breaches reinforces why third-party and fourth-party visibility are essential.

How to Reduce File Transfer Exposure

1. Demand Vendor Transparency
   Include questions about patch cadence and file transfer tooling in your security questionnaires. Identify which tools are in use and validate patch levels.
2. Monitor Vendor Attack Surfaces
   Use platforms like SecurityScorecard to continuously track issues tied to vulnerable software, known exploitation, or exposed ports.
3. Leverage Real-Time Breach Intelligence
   SecurityScorecard’s Supply Chain Detection and Response (SCDR) offers continuous visibility into vendor ecosystems.
4. Adopt a Risk-Based Remediation Approach
   Prioritize vendors with known vulnerabilities or unpatched transfer services.

A Critical Link in Supply Chain Breach Prevention

As attackers shift to scalable breach strategies, tools like file transfer software offer an ideal entry point. They’re highly interconnected, widely deployed, and often overlooked.

Organizations that monitor only their first-tier vendors miss the systemic nature of these threats. SecurityScorecard’s Supply Chain Detection and Response (SCDR) can help security teams gain the extended visibility needed to preempt supply chain failures.

Transform Third-Party Risk into a Supply Chain Resilience

With SecurityScorecard’s Supply Chain Detection and Response (SCDR), gain actionable insights into your vendors’ security postures. Our solution empowers you to make informed decisions, ensuring compliance and strengthening your supply chain’s cybersecurity.

🔗 Explore SCDR