Cyber Attack Targets Major UK Companies with MOVEit Hack

MOVEit Hack: British Airways, BBC and Boots hit by cyber attack

A wide-reaching cyber attack, reportedly carried out by a Russian-speaking criminal gang, has compromised the personal data of thousands of employees across multiple UK-based organizations, leading to concerns about a possible spread to the United States.

Prominent UK companies such as British Airways, Boots, and the BBC have warned their employees about a data breach that impacted Zellis, the UK payroll provider responsible for handling nearly half of FTSE 100 companies' payroll needs. Personal information such as names, dates of birth, and National Insurance numbers was affected by the breach.

The criminals exploited a previously unknown vulnerability in file-transfer software known as MOVEit, highlighting the growing risks companies face from sophisticated cyber attacks aimed at software supply chain flaws. The incident underscores the escalating threat of "hack and leak" attacks, where hackers threaten to release sensitive data unless a ransom is paid.

Clop Hacking Group - Suspect

The suspected gang behind this attack, known as Clop, is notorious for demanding ransoms often exceeding $1 million. Interestingly, no group has yet claimed responsibility for the breach, leaving its motive unclear.

Clop is known for hunting vulnerabilities in secure file-transfer software, which makes such attacks more lucrative because this software often handles some of companies' most valuable data. Security experts, such as Rafe Pilling at Secureworks, suggest that the group's actions are financially motivated rather than political.

Could be Large-Scale Cyber Attack

Experts at Secureworks and other cybersecurity groups suggest that the impact of this attack could soon reach the US, given the wider use of MOVEit software in the country. It’s also worth noting that regulatory disclosure tends to be slower in the US, suggesting that more victims may emerge over time. Researchers also predict that companies in Canada and India might be affected as well.

The attack on Zellis marks another worrying chapter in the escalating trend of "hack and leak" attacks, where cybercriminals, many based in Russia, exploit vulnerabilities in software to steal and potentially monetize sensitive data.

In response to the attack, Massachusetts-based tech group Progress, the creators of MOVEit, recommended adjustments to software settings to curtail data leaks while waiting for a more effective update. The company also issued a software update to address the flaw in its systems.

Zellis has stated that all its other software is unaffected and that there have been no related incidents or compromises to any other parts of its IT estate. It has informed the UK Information Commissioner’s Office, the director of public prosecutions, and the National Cyber Security Centre about the breach.

The Takeaway

The recent attack underscores the growing threat of cyber attacks and the increasing vulnerability of companies to breaches along their software supply chains. It also highlights the importance of proactive measures such as robust cybersecurity practices, quick incident response, and regular system updates. Moreover, the need for companies to move fast to patch their systems and prepare for potential public data leaks is greater than ever.

As businesses worldwide become more reliant on digital tools and processes, it's essential to remember that cybersecurity is not just an IT concern—it's a critical component of business strategy that affects every facet of an organization.
