BBC, British Airways and many more companies fall to one of the biggest global supply-chain hacking attack

BBC, British Airways and Nova Scotia’s government have reportedly become victims of one of the biggest global supply chain-related hacking attacks in recent times. According to a report in Associated Press, the US and British cybersecurity officials have warned that a Russian cyber-extortion gang’s hack of a file-transfer program popular with corporations could have widespread global impact. The range of companies affected by this attack are believed to be from across sectors. These include health care, financial services, technology, manufacturing, insurance, government, and more.

“This is potentially one of the most significant breaches of recent years,” Brett Callow, an analyst at the cybersecurity firm Emsisoft, told AP. “We’ll have a better sense of how significant it is as more details emerge about the number and type of organizations impacted,” he added.

Who is the hacker
The Cl0p ransomware syndicate announced on its dark web site late Tuesday (June 6) that its victims — who it claims are in the hundreds — have until June 14 to get in touch to negotiate a ransom or risk having sensitive stolen data dumped online. Cl0p is among the world’s most prolific cybercrime syndicates and this is not the first time it has breached a file-transfer program to gain access to data it could then use to extort companies. Other instances include GoAnywhere servers in early 2023 and Accellion File Transfer Application defices in 2020 and 2021

What is the software that has been hacked
The exploited program, MOVEit, is widely used by businesses to securely share files. The parent company of its MOVEit is US-based Progress Software. It alerted its customers to the breach on May 31 and issued a patch. However, cybersecurity researchers fear that by then at least hundreds of companies may have had sensitive data quietly exfiltrated. MOVEit software is particularly popular in the US.

Researchers at security company Security Scorecard have detected 2,500 vulnerable MOVEit servers across 790 organizations, including 200 government agencies. It is however not known how many vulnerable MOVEit servers were hacked. The hackers are said to be actively scanning for targets, penetrating them and reportedly stealing data at least as far back as March 29.

Large number of companies impacted
When asked to confirm the identity of several reported victims, a Cl0p spokesperson reportedly responded to an email query said, “We have not yet examined company files as you can see on our site, we have given the opportunity to companies to decide their privacy before our actions.”

Zellis, a leading payroll services provider in the UK that serves British Airways, the BBC and hundreds of others, is among impacted users. “We have notified those colleagues whose personal information has been compromised to provide support and advice,” British Airways said in a statement.

The BBC said it was working with Zellis as it sought to establish the extent of the breach. The broadcaster said in an email sent Monday to all UK staff and freelancers that data including birthdates, national insurance numbers and home addresses was disclosed. But it said that bank account details had apparently not been compromised, and there was “no evidence that the data is being exploited.”

The UK drugstore chain Boots, which employs more than 50,000 people, also said that it told staff about the hack.

US cybersecurity agency issues alert
In a joint advisory issued Wednesday, the US Cybersecurity and Infrastructure Security Agency and FBI said Cl0p “is estimated to have “compromised more than 3,000 US-based organizations and 8,000 global organizations.” “Due to the speed and ease (with which it) has exploited this vulnerability, and based on their past campaigns, FBI and CISA expect to see widespread exploitation of unpatched software services in both private and public networks,” the statement added.

FacebookTwitterLinkedin

end of article

BBC, British Airways and Nova Scotia’s government have reportedly become victims of one of the biggest global supply chain-related hacking attacks in recent times. According to a report in Associated Press, the US and British cybersecurity officials have warned that a Russian cyber-extortion gang’s hack of a file-transfer program popular with corporations could have widespread global impact. The range of companies affected by this attack are believed to be from across sectors. These include health care, financial services, technology, manufacturing, insurance, government, and more.

“This is potentially one of the most significant breaches of recent years,” Brett Callow, an analyst at the cybersecurity firm Emsisoft, told AP. “We’ll have a better sense of how significant it is as more details emerge about the number and type of organizations impacted,” he added.

Who is the hacker
The Cl0p ransomware syndicate announced on its dark web site late Tuesday (June 6) that its victims — who it claims are in the hundreds — have until June 14 to get in touch to negotiate a ransom or risk having sensitive stolen data dumped online. Cl0p is among the world’s most prolific cybercrime syndicates and this is not the first time it has breached a file-transfer program to gain access to data it could then use to extort companies. Other instances include GoAnywhere servers in early 2023 and Accellion File Transfer Application defices in 2020 and 2021

What is the software that has been hacked
The exploited program, MOVEit, is widely used by businesses to securely share files. The parent company of its MOVEit is US-based Progress Software. It alerted its customers to the breach on May 31 and issued a patch. However, cybersecurity researchers fear that by then at least hundreds of companies may have had sensitive data quietly exfiltrated. MOVEit software is particularly popular in the US.

Researchers at security company Security Scorecard have detected 2,500 vulnerable MOVEit servers across 790 organizations, including 200 government agencies. It is however not known how many vulnerable MOVEit servers were hacked. The hackers are said to be actively scanning for targets, penetrating them and reportedly stealing data at least as far back as March 29.

Large number of companies impacted
When asked to confirm the identity of several reported victims, a Cl0p spokesperson reportedly responded to an email query said, “We have not yet examined company files as you can see on our site, we have given the opportunity to companies to decide their privacy before our actions.”

Zellis, a leading payroll services provider in the UK that serves British Airways, the BBC and hundreds of others, is among impacted users. “We have notified those colleagues whose personal information has been compromised to provide support and advice,” British Airways said in a statement.

The BBC said it was working with Zellis as it sought to establish the extent of the breach. The broadcaster said in an email sent Monday to all UK staff and freelancers that data including birthdates, national insurance numbers and home addresses was disclosed. But it said that bank account details had apparently not been compromised, and there was “no evidence that the data is being exploited.”

The UK drugstore chain Boots, which employs more than 50,000 people, also said that it told staff about the hack.

US cybersecurity agency issues alert
In a joint advisory issued Wednesday, the US Cybersecurity and Infrastructure Security Agency and FBI said Cl0p “is estimated to have “compromised more than 3,000 US-based organizations and 8,000 global organizations.” “Due to the speed and ease (with which it) has exploited this vulnerability, and based on their past campaigns, FBI and CISA expect to see widespread exploitation of unpatched software services in both private and public networks,” the statement added.

FacebookTwitterLinkedin

end of article