BBC, British Airways and Boots Targeted by Cyberattack

Hackers exploited a vulnerability in MOVEit Transfer software last week to access a range of information which is now casting a cloud over a growing number of UK firms and their staff.

The BBC, British Airways and Boots have been caught up in a cyber incident that has exposed employee personal data, including bank and contact details, to hackers.

A ransonware group named Clop has claimed responsibility for the breaches centered around the MOVEit file transfer software.

In an email to Reuters on Monday, the hackers said “it was our attack” and that victims who refused to pay a ransom would be named and shamed on the group’s website.

Work by Microsoft had earlier suggested that the Russian-speaking ransomware gang was behind the attack.

It emerged last week that a so-called zero-day vulnerability – a flaw – in the file transfer system MOVEit, produced by Progress Software, had been exploited by cyber criminals.

It had allowed the hackers to access information on a range of global companies using MOVEit Transfer.

Thousands of firms are understood to be affected.

UK-based payroll provider Zellis confirmed on Monday that eight of its clients were among them.

It did not name the organisations.

BA, however, confirmed it had been caught up in the affair.

The airline employs 34,000 people in the UK.

The BBC and Boots, which has 50,000 staff, said they had been affected too.

The broadcaster did not believe its employees’ bank details had been exposed though company ID and national insurance numbers were compromised.

Experts said corporate victims could expect the group responsbile to make contact with a list of demands within weeks.

In this instance, the compromised information included contact details, national insurance numbers and bank details.

BA told Sky News: “We have been informed that we are one of the companies impacted by Zellis’s cybersecurity incident which occurred via one of their third-party suppliers called MOVEit.

“Zellis provides payroll support services to hundreds of companies in the UK, of which we are one.

“This incident happened because of a new and previously unknown vulnerability in a widely used MOVEit file transfer tool. We have notified those colleagues whose personal information has been compromised to provide support and advice.”

Experts said corporate victims could expect the group responsbile to make contact with a list of demands within weeks.

In this instance, the compromised information included contact details, national insurance numbers and bank details.

BA told Sky News: “We have been informed that we are one of the companies impacted by Zellis’s cybersecurity incident which occurred via one of their third-party suppliers called MOVEit.

“Zellis provides payroll support services to hundreds of companies in the UK, of which we are one.

“This incident happened because of a new and previously unknown vulnerability in a widely used MOVEit file transfer tool. We have notified those colleagues whose personal information has been compromised to provide support and advice.”

Zellis said in its own statement: “A large number of companies around the world have been affected by a zero-day vulnerability in Progress Software’s MOVEit Transfer product.

“We can confirm that a small number of our customers have been impacted by this global issue and we are actively working to support them.

“All Zellis-owned software is unaffected and there are no associated incidents or compromises to any other part of our IT estate.

“Once we became aware of this incident we took immediate action, disconnecting the server that utilises MOVEit software and engaging an expert external security incident response team to assist with forensic analysis and ongoing monitoring.”

Charles Carmakal, chief technology officer at Google cyber security specialist Mandiant Consulting, said: “At this stage it is critical for victim organisations to prepare for potential extortion, publication of stolen data, and victim shaming.

“It is likely that the threat actor will soon begin to make contact with extortion demands and begin to work through their list of victims.

“Mandiant’s investigations into prior campaigns from the suspected threat actor show that extortion demands are usually in the 7- or 8-figure range, including a few demands for more than $35m.

“Any organisation that had the MOVEit web interface exposed to the internet should perform a forensic analysis of the system, irrespective of when the software was patched,” he warned.

“Watch out for scammers too. Some of our clients impacted by the MOVEit exploitation received extortion emails over the weekend.

“The extortion emails were unrelated to the MOVEit exploitation and were just scams, but organisations could easily confuse them as being authentic.”

A MOVEit spokesperson said: “Our customers have been, and will always be, our top priority. When we discovered the vulnerability, we promptly launched an investigation, alerted MOVEit customers about the issue and provided immediate mitigation steps.”

“We disabled web access to MOVEit Cloud to protect our cloud customers, developed a security patch to address the vulnerability, made it available to our MOVEit Transfer customers, and patched and re-enabled MOVEit cloud, all within 48 hours. We have also implemented a series of third-party validations to ensure the patch has corrected the exploit.”

“We are continuing to work with industry-leading cybersecurity experts to investigate the issue and ensure we take all appropriate response measures. We have engaged with federal law enforcement and other agencies with respect to the vulnerability.”

“We are also committed to playing a leading and collaborative role in the industry-wide effort to combat increasingly sophisticated and persistent cybercriminals intent on maliciously exploiting vulnerabilities in widely used software products.”

– Sky News

Related posts

New Relic Unveils Industry’s First Intelligent Observability Platform

Sophos Launches New XGS Series of Desktop Firewalls & Updated Firewall Software

Netpoleon India Partners with Cavisson Systems Inc. to Revolutionize IT Infrastructure for Indian Enterprises and MSMEs

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Read More