A growing number of global businesses appear to be affected by a recently discovered zero-day vulnerability in popular file transfer software, exploited by the Clop ransomware gang.
The BBC, BA, Boots and the Nova Scotia government have been affected so far, according to reports, but Sky News claimed that “thousands” of organizations have been affected.
Several victims, including BA and Boots, are believed to be customers of payroll provider Zellis, which confirmed in a short statement that “a small number of customers” were affected.
“Upon becoming aware of this incident, we took immediate action, disconnected the servers running the MOVEit software, and dispatched an external security incident response team to assist with forensic analysis and ongoing monitoring,” it added.
Bugs in MOVEit Transfer and MOVEit Cloud were patched on May 31st and first exploited by extortion groups on the weekend of May 27th. Microsoft yesterday attributed the attacks to Clop's Lace Tempest (FIN11).
For more information about the MOVEit flaw, see Critical Zero-Day Flaw Exploited in MOVEit Transfer.
This campaign does not appear to use a ransomware payload. Rather, it follows a simpler mode of operation: data theft and ransom demands. Companies unwilling to pay will likely have their information published on the Clop leak site.
In those cases at least, the stolen data would include employee details, such as the national insurance numbers of BBC staff. For other affected companies, however, it depends on how they use the MOVEit software.
The National Cyber Security Centre (NCSC) issued a short statement urging MOVEit customers to “act immediately by following vendor best practice advice and applying recommended security updates.”
Kingsley Hayes, head of data and privacy litigation at Keller Postman UK, warned that affected organizations remain responsible for data loss.
“Even though MOVEit was hacked, employers remain responsible for the security of their employee data,” he added. “Following a breach, the ICO will want to know more about the security measures of affected organizations and their relationship with Zellis regarding data protection.”
CyberSmart co-founder and CEO Jamie Akhtar said the incident shows how a single vulnerability in a supply chain can cause widespread damage.
“This is a stark reminder of the risks posed by third-party suppliers and supply chains. Even if you have your own cybersecurity in place, there is no guarantee that you will be completely protected from breaches,” he argued.
“With this in mind, we urge all companies to map their supply chain dependencies. The goal is to understand their supplier networks so they can effectively manage and respond to cyber risks. It is to make
This incident is reminiscent of the exploitation of a zero-day vulnerability in the Accellion File Transfer Appliance (FTA) product, also linked to FIN11, which led to data breaches at countless customer organizations.