Update: BBC, British Airways & Boots In Supply Chain Attack

Uploaded on 2023-06-07 in TECHNOLOGY--Hackers, INTELLIGENCE-Hot Spots-Russia, FREE TO VIEW

The BBC, British Airways (BA), Boots and Aer Lingus and a number of other organisations have been hit by  large scale attacks and have warned their staff about a cyber attack that has compromised personal information. The hackers are suspected of having links to a Russian cybercrime gang called Clop. 

The payroll service company Zellis has been hit and it has said data from eight of its client firms had been stolen. Zellis has not revealed names, but organisations are independently issuing warnings to staff.

The hackers exploited a vulnerability in MOVEit Transfer software to access information from a growing number of UK firms and their staff in one exploit, although there are no reports so far of ransom demands or money stolen. The MOVEit software is popular around the world with most customers in the US. Potentially hundreds of companies using the software may be impacted.

Now, businesses affected by the exploit, including the BBC, BA and Boots now have an ultimatum from Clop

A post that appeared on the  Dark Wed overnight urges organisations affected by the hack to send an email to the gang to begin a negotiation on the crew's darknet portal. The Clop group posted its notice in broken English with a  warning to those affected by the MOVEit hack to email them before 14 June or stolen data will be published. Also among the organisations targeted were the Nova Scotia Government and the US University of Rochester.

Advice from experts is for individuals not to panic, and for organisations to carry out security checks issued by authorities like the US Cyber Security and Infrastructure Authority (CISA). Russia has long been accused of being a safe haven to ransomware gangs, which it denies. Law enforcement agencies around the world advise organisations not to pay, as it fuels the growth of cyber crime gangs. 

Kev Eley, VP Sales UK & Europe at LogRhythm  commented, "The breach shows that even well-established and trusted brands are not immune to ransomware attacks.. The attack exposed critical employee personal data, including bank, national insurance, and contact details to hackers. This highlights the growing vulnerability many companies are facing when it comes to sophisticated cyber attacks targeting flaws along their software supply chain." 

Organisations of all sizes need to recognize that ransomware attacks are a matter of ‘when’ not ‘if’ and must move from a reactive to a proactive cyber security strategy to stay ahead of relentless threats. A predictive approach that uses Threat Intelligence is absolutely crucial for gaining full visibility into the attack surface and quickly detecting the most immediate network threats.  

  • British Airways (BA) has confirmed it was one of the companies affected by the hack and its staff have been told that personal data including national insurance numbers and possibly bank details and data might have been stolen. 
  • In an email to staff, the BBC said their stolen data includes staff ID numbers, dates of birth, home addresses and national insurance numbers.
  • The Boots retail chain which employs 52,000 people in Britain, emailed employees to warn them that data including home address and national insurance numbers had been stolen.
  • Aer Lingus, which employs 4,000 people, said information on current and former employees, including their national insurance numbers, had been stolen in the breach. 

The UK's National Cyber Security Centre said it was monitoring the situation and urged organisations using the compromised software to carry out security updates.

The attack was first detected when US firm Progress Software said hackers had broken into their MOVEit Transfer tool. MOVEit is software designed to move sensitive files securely. CISA Has recently issued a warning to firms that use MOVEit, instructing them to download a security patch to stop further breaches.

It is likely the cyber criminals will attempt to extort money from organisations rather than individuals and the hackers will likely threaten to publish the stolen data online for other hackers to exploit. Staff at victim organisations need to be vigilant of any suspicious emails that could lead to further attacks. 

Graham Hawkey, Privileged Access Management (PAM) specialist with Osirium commented "Working closely with third parties, whilst bringing many benefits, adds a lot of risks unless key security measures are in place, with the right controls and monitoring...  organisations need to secure remote access without exposing the keys to their kingdom. It’s vital to separate third parties from credentials, not allow VPN access, use multi-factor authentication, and record sessions."

Christine Gadsby, VP Product Security, BlackBerry said “This attack on Zellis underscores that the global cyber risk equally applies to supply chains, as well as individual vendors. Organisations still have lessons to learn from examples like the SolarWinds hack because, all too often, the success of software supply chain attacks plays on an excess of trust. In this case, where those impacted are two-steps removed from the source of the breach, it’s clear to see why businesses can’t afford not to put effective defences in place to cover any possible exposure to attack. 

BlackBerry research has found that more than three-in-four IT and cyber decision-makers currently suffer from a lack of holistic visibility into their security posture. That’s a worrying fact, considering that the same research found that four in five software supply chains were exposed to cyber attack in just 12 months.  

Although no official attribution has been made, Microsoft is reports as saying that it believes the criminals responsible are linked to the notorious Cl0p ransomware group, thought to be based in Russia.

Zellis:   Mandiant:     Blackberry:   BBC:   BBC:      Blackberry:     Guardian:     Telegraph:   Sky:   Mirror:    Metro

Sky:    City AM:    Independent:     Mirror:    JackFM:   

You Might Also Read: 

Which CI/CD Tools Can Promote Supply Chain Security?:

____________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« British Business Moves To Adopt Digital Identity
Cyber Security Insurance - What You Need To Know »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

Trustwave

Trustwave

Trustwave is a leader in managed detection and response (MDR), managed security services (MSS), consulting and professional services, database security, and email security.

IGEL Technology

IGEL Technology

IGEL Technology is one of the world's leading thin client vendors. Thin clients increase data security and compliance.

MSAB

MSAB

MSAB is a pioneer in forensic technology for mobile device examination.

MD5

MD5

MD5 is a leading UK provider of Digital Forensic & eDiscovery services to large multi-national corporate businesses, Law Enforcement & Government Agencies, high profile legal firms.

AFCON Control & Automation

AFCON Control & Automation

AFCON is a leading global provider of software solutions and services for the smart management of Control & Automation systems in the age of Digital Transformation.

Hedgehog Security

Hedgehog Security

The key objective of Hedgehog is to provide simple, effective and affordable information security improvements that support your drive to increase productivity and profitability.

The Media Trust

The Media Trust

The Media Trust continuously scans websites, ad tags and mobile apps and alerts on anomalies affecting websites and visitors.

KeepSolid

KeepSolid

KeepSolid is a Virtual Private Network services provider offering secure encrypted access to the internet.

AlAnsari Technical Solutions (ATS)

AlAnsari Technical Solutions (ATS)

ATS is a Kuwait based company specialised in delivering hardware/software, Virtualisation, IP Telephony / Unified Communication, Networking and professional IT services and solutions.

Fedco International

Fedco International

Fedco International is an IT and SCADA ICS Security consultancy firm.

ControlMap

ControlMap

ControlMap is a software as a service platform with a mission to simplify and eliminate stress from everyday operations of modern IT compliance teams.

Cirosec

Cirosec

Cirosec is a specialized company with a focus on information security. We carry out pentests & audits and advise our customers in the German-speaking countries on information and IT security issues.

Symptai Consulting

Symptai Consulting

Symptai Consulting is a leading Cyber Security, Digital Transformation and Anti-Money Laundering firm serving the Caribbean and the wider world.

WhiteJar

WhiteJar

WhiteJar offers an innovative approach to modern cybersecurity needs, empowering Ethical Hackers within its unique crowd platform.

Neosoft

Neosoft

Néosoft is an independent digital transformation consulting group with expertise in Consulting & Agility, Cybersecurity, Data, DevOps, Infrastructure & Cloud and Software Engineering.

CyberNut

CyberNut

CyberNut are a security awareness training solution built exclusively for schools.