A massive hack of the personal data of thousands of employees at some of Britain’s biggest companies by a Russian-speaking criminal gang is expected to spread to the US and ensnare more victims.
British Airways, Boots and the BBC were among the groups on Monday warning staff had been affected by a breach of software used by UK payroll provider Zelis, which serves around half of FTSE 100 companies.
The national broadcaster BBC, with around 20,000 workers, and the pharmacy retailer Boots, with more than 50,000 employees, alerted staff to a potential breach that affected their names, dates of birth and National Insurance numbers. British Airways, which was fined £20mn for leaking customer data in 2020, said it would “provide support and advice” to the staff concerned.
The hack allegedly exploited an unknown weakness in secure file-transfer software, highlighting the growing vulnerability of many companies to sophisticated cyberattacks targeting flaws in their software supply chains.
Hackers are expected to use the data to launch so-called “hack and leak” attacks, threatening to release sensitive information unless companies pay substantial sums, security researchers said.
At least a fifth of British firms had data stolen in the past year by an external attacker, security firm Sophos said. UK firms could be fined up to four per cent of their annual revenue for mishandling data.
Prior demands from the suspected Russian gang, dubbed Clop by cyber security experts, have regularly exceeded $1 million and more than $35 million. A person close to Zelis said no group has claimed responsibility and the motive behind the breach is unclear.
The targeted software, MOVEit, which Zelis used in some of its systems, was created by Massachusetts-based tech group Progress. A person familiar with the incident said eight clients of the UK payroll group were affected.
But the software is more popular in the US, where regulatory disclosure has been slow, making it likely that the list of victims will grow in the weeks ahead, researchers at cybersecurity group Secureworks said. Other researchers said companies in Canada and India are also likely to be affected.
Martin Riley, director of managed security services at Reading-based Bridewell, who witnessed the attack over the weekend, said: “If Zelis or others do not agree to pay, those details are likely to end up being sold, and they will be monetized in some form.”
The Clop hacking group is known for hunting vulnerabilities in secure file-transfer software, as companies are often required by law to handle some of their most valuable data with such providers.
This makes the hack more attractive than when the same group attacked similar software called Accellion in 2021 and GoAnywhere earlier this year, said Rafe Pilling, senior security researcher at Secureworks. He said the hackers were financially, not politically, motivated.
“The group is Russian-speaking, but it is not a Russian state, it is not Russian-directed and predates the Ukrainian invasion,” he said. “This is not Russia attacking the West.”
As companies have begun to rely on backups to avoid being locked out of their data in ransomware incidents, gangs have turned to hack-and-leak attacks in recent months.
“We are already identifying active intrusions at multiple customers and expect more in the short term,” said John Hultquist, principal analyst at Mandiant Intelligence. “Everyone needs to move fast to patch . . . and prepare for the possible public release of their data in cases where they suspect an exploit.”
Such vulnerabilities are often shared within criminal gangs, mostly based in Russia, meaning they may have been exploited by various groups of hackers in recent weeks.
The creator of MOVEit informed customers on May 31 that there was an undisclosed vulnerability in its software that could have allowed hackers to steal large amounts of data. The company declined to answer questions about how many of its customers were affected globally, or whether it had identified the culprit.
“We are engaged with federal law enforcement and other agencies . . . with industry-leading cyber security experts,” Progress said.
Progress said it had noticed the breaches in May, and suggested changes to settings on its software to cut data leaks while waiting for a more effective update. It said it had released a software update that will help companies fix the flaws in their systems.
UK companies affected by the hack were first reported by The Daily Telegraph.
“All software owned by Zelis is unaffected and there is no associated incident or compromise with any other part of our IT estate,” Zelis said, adding that it had informed the UK Information Commissioner’s Office, the Director of Public Prosecutions and the National Cyber Security Centre, as well as their counterparts in Ireland.










