Payroll data of employees at tens of thousands of businesses including British Airways (BA), Boots and the BBC was found to be subject to an attack on the MOVEit file transfer software — owned by US tech company Progress — which caters for HR software provider Zellis.
According to Zellis, eight of its clients were affected by the attack, but these were not named.
Airline BA, which employs 34,000 employees in the UK, along with pharmacy Boots (over 50,000 employees) and the BBC (20,000 employees) confirmed it had been hit.
7 things you should know about hackers — Keren Elazari, The Friendly Hacker, shares seven things you need to know about hackers – and how you can stay ahead of the malicious ones.
BA told Sky News: “We have been informed that we are one of the companies impacted by Zellis’s cybersecurity incident which occurred via one of their third-party suppliers called MOVEit.
“This incident happened because of a new and previously unknown vulnerability in a widely used MOVEit file transfer tool. We have notified those colleagues whose personal information has been compromised to provide support and advice.”
While not reporting breaching of staff bank details, the BBC said that company ID and national insurance numbers were compromised.
UK-based Zellis also provides HR services for clients including Credit Suisse, Harrods and Sky.
Progress, provider of the vulnerable MOVEit app, told The Register: “Progress takes the security of our customers very seriously. We cannot disclose information on our MOVEit Transfer and MOVEit Cloud customers.
“However, we can confirm that we took immediate measures to protect customer environments — first, providing instructions for immediate mitigation, followed by the release of a patch to all MOVEit Transfer customers, within 48 hours of identifying the vulnerability.”
Reportedly found on Thursday, the flaw in the MOVEit software — assigned the code CVE-2023-34362 — was said to have been patched on Friday.
The importance of disaster recovery and backup in your cybersecurity strategy — A strong disaster recovery as-a-service (DRaaS) solution can prove the difference between success and failure when it comes to keeping data protected.
The culprits
Investigations undertaken by Microsoft concluded on Sunday that cybercrime gang Cl0p was behind exploitation of the software vulnerability.
The Russian-speaking ransomware group revealed to Reuters in an email that it was behind the attack, and threatens to publish details of victims who refuse to pay a ransom to its website.
Previous ransomware demands made by Cl0p have ranged from $1m to $35m.
Avoiding a zero-day attack
When it comes to ensuring that zero-day vulnerability breaches across the supply chain can be avoided, Barrier Networks CTO Ryan McConechy advises: “It is essential to run vulnerability management and red teaming to help spot vulnerabilities quickly, and to patch systems as early as possible to patches becoming available.
“It is also critical to segment the network to help contain attacks and stop them spreading through the supply chain.”
Julia O’Toole, CEO of MyCena Security Solutions, adds: “When it comes to protection against these threats, segmenting and encrypting access is essential.
“By segmenting access, you minimise the amount of data that can be obtained at once, and the malware cannot travel not just inside your systems, but also further up and down your supply-chain to avoid infecting more companies.”
Related:
Backup and recovery issues reported by 93 per cent of businesses — Rubrik research has found that the majority (93 per cent) of businesses have encountered significant issues with their backup and recovery solutions.
Cyber insurance: A comprehensive guide to cyber liability insurance — With the cyber insurance space continuing to evolve, and demand growing amidst rising cyber attacks, we present our comprehensive guide to cyber insurance.