A rising number of organizations, namely the BBC, British Airways, Boots, and Aer Lingus, are being impacted by a widespread attack.
Staff members have received warnings that personal information, including social security numbers and, in some circumstances, bank information, may have been stolen.
The hackers used a well-known piece of software as a gateway to access numerous businesses simultaneously. There are no reports of money being taken or requests for ransom.
One of the impacted businesses in the UK is the payroll services provider Zellis, which reported that data from eight of its customer organizations had been taken.
Although Zellis would not name them, the organizations are individually notifying employees.
The BBC stated in an email to employees that the information obtained consisted of staff ID numbers, dates of birth, home addresses, and national insurance numbers.
British Airways employees have been cautioned that several of them might have had their bank information stolen.
The UK’s National Cyber Security Centre, which said it was keeping an eye on the situation, recommended that organizations employing the hacked software update their security.
The exploit was first made public last week, when US business Progress Software said that hackers had discovered a means to access its MOVEit Transfer application. The majority of MOVEit’s users are in the US, but it is well known throughout the world for its ability to move critical files safely.
According to Progress Software, it informed its clients immediately when the exploit was found and made a security update available for download.
A company spokeswoman stated that the company is collaborating with the police in order to “fight ever-more sophisticated and relentless cybercriminals focused on fraudulently abusing flaws in commonly utilized software products.”
On Thursday, the US Cybersecurity and Infrastructure Security Agency advised businesses using MOVEit to download a security patch to prevent further breaches. However, security researcher Kevin Beaumont claimed that internet scans revealed thousands of company datasets may still be exposed, because many impacted companies had not yet installed the remedy.
Early signs suggest that many well-known organizations are impacted, he said.
According to experts, it is more probable than not that those cybercriminals will try to extort money from businesses rather than from individuals.
Although there haven’t been any public ransom requests, it is anticipated that fraudsters will start emailing the impacted organizations to demand payment.
They are probably going to threaten to post the stolen information online for potential hackers to browse.
Victim organizations are warning staff to be on the lookout for any strange communications that could result in additional cyberattacks.
Although no formal attribution has been made, Microsoft stated that it believes the criminals involved are connected to the infamous Cl0p ransomware organization, presumed to be based in Russia.
The US IT company claimed in a blog post that Lace Tempest, a ransomware operator that also runs the Cl0p extortion portal where victim data is exposed, was responsible for the attacks. The business claimed that the hackers involved have previously used such methods to steal data and blackmail victims.
According to John Shier of the cyber security firm Sophos, “This latest round of attacks is an additional example of the importance of supply chain security.”
Even though Cl0p has been associated with this active exploitation, he continued, “It is likely that other threat groups are ready to take advantage of this vulnerability as well.”
According to information provided to the BBC by the UK’s National Crime Agency, several UK-based organizations were “impacted by a cyber incident” as a result of a previously unrecognized security hole in MOVEit Transfer.
The NCA continued by stating that it was “performing several works with partners to encourage those organizations and comprehend their complete effect on the UK.”
About The Author:
Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space. Besides writing for the News4Hackers blog, he has also written for brands including CollegeDunia, Utsav Fashion, and NASSCOM. Naager entered the field of content in an unusual way. He began his career as an insurance sales executive, where he developed an interest in simplifying difficult concepts. He combines this interest with a love of narrative, which makes him a good writer in the cybersecurity field. He also frequently writes for Craw Security.