06-06-2023 05:00
British Airways, pharmacist Boots and the BBC are among the known victims of a hacking campaign that cybersecurity experts have warned, could collect miles from victims in the coming weeks.
Companies told thousands of employees that their personal information could have been compromised by a cyber attack against his payroll provider, Zellis.
The Government of Nova Scotia was also affected by what appears to be an attack related to the theft of personal information, according to CBC News. A Nova Scotia government representative was not immediately available for comment.
The attacks exploit the same vulnerability in the secure file transfer product Move it, developed by Progress Software Corp., according to statements from several of the affected entities. MOVEit is used by thousands of businesses, including payroll providers, healthcare companies, and information technology providers. The vulnerability allowed hackers to steal files that companies had uploaded to MOVEit, according to Progress.
Progress released a patch for the software last week.
Scams with artificial intelligence: video calls with trout voice and image
“When we discovered the vulnerability, we quickly launched an investigation, alerted MOVEit customers to the issue, and provided immediate mitigation measures,” John Eddy, a spokesman for MOVEit, said in a statement.
A representative for Zellis did not respond to a request for comment, but told the Financial Times that the problem was with the MOVEit software, not Zellis. A Nova Scotia government representative also blamed the breach on MOVEit, according to CBC News.
According to Allan Liska, Principal Intelligence Analyst at Recorded Future Inc., publicly available data sources show that there are thousands of vulnerable MOVEit servers that could have been affected by the software flaw that made the hacks possibleLiska said. Hackers are expected to start contacting companies and demanding payment in cryptocurrency in exchange for not uploading stolen company data online, she added.
The society of (cyber) risk
Alerts for cyber attacks
The flaw has been the subject of numerous security alerts in recent days, including warnings from the US Department of Homeland Security, the UK National Center for Cyber Security, Microsoft Corp. and Mandiant, a Google Cloud subsidiary of Alphabet Inc. Microsoft said that a criminal group of hackers that engages in ransomware and extortion is responsible for the MOVEit hack. The same hackers who breached MOVEit were also responsible for previous hacks of two other secure file transfer products developed by Accellion Inc. and Fortra Inc., Liska said.
“We expect extortion communications to begin any time within the next four weeks”said Charles Carmakal, Mandiant’s chief technology officer. “There is a lot of data that the threat actor has to sort through. When the extortion starts, it will probably go on for a few months.”
Carmakal said the first observed MOVEit exploit attack occurred on May 27.
Increase in piracy in creative works
At British Airways, The hack revealed employees’ personal information, including first and last names and dates of birth, as well as possible bank details, according to a spokesperson for the company, which employs about 35,000 people.
Boots, which has more than 50,000 employees, said that the personal data of employees was affected. The server was taken down and staff have been informed, said a spokesman for Boots, which is owned by Walgreens Boots Alliance Inc.
The BBC constitution that had been affected by the attack on Zellis. One speaker said that he was urgently trying to establish the scope of the data breach.
A representative for the Nova Scotia government would not say what type of information was stolen or who was affected, according to CBC News.
“This is a typical case of a supply chain attack targeting multiple companies while holding extremely sensitive data about employees,” said Jake Moore, a UK-based cybersecurity expert and global adviser to the security firm. ESET cybersecurity. “The security patch being offered is absolutely vital and all affected companies have not already installed it to remain protected.”
LDG/DE
