BBC, BA and Boots among victims of cyberattacks

The BBC, British Airways, Boots and Aer Lingus are among a growing number of organizations affected by mass hacking.

Staff have been warned that personal data including national insurance numbers and in some cases bank details may have been stolen.

Cybercriminals broke into important software to gain access to multiple companies at once.

There are no reports of ransom demands or stolen money.

In the UK, payroll service provider Zellis is one of the companies affected and it said the data of eight of its corporate customers had been stolen.

It wouldn’t reveal names, but the organizations are independently issuing warnings to staff.

In an email to employees, the BBC said the data stolen included staff identification numbers, dates of birth, home addresses and national insurance numbers.

British Airways staff have been warned that some may have had their bank details stolen.

The UK’s National Cyber Security Centre said it was monitoring the situation and urged organizations using the compromised software to perform security updates.

The hack was first revealed last week when US firm Progress Software said hackers had found a way to break into their MOVEit transfer tool. MOVEit is software designed to move sensitive files securely and is popular worldwide with most of its customers in the United States.

Progress Software said it alerted its customers as soon as the hack was discovered and promptly released a downloadable security update.

A spokesperson said the company was working with law enforcement to “combat increasingly sophisticated and persistent cybercriminals intent on maliciously exploiting vulnerabilities in widely used software products.”

The US Cybersecurity and Infrastructure Security Agency on Thursday issued a warning to companies using MOVEit, asking them to apply a security patch to prevent further breaches.

But security researcher Kevin Beaumont said internet scans revealed thousands of company databases could still be vulnerable, as many affected companies have yet to install the patch.

“Early indications show that a large number of leading organizations are affected,” he said.

Experts said it is likely that cybercriminals will try to extort money from organizations rather than individuals.

No ransom note has yet been made public, but it is expected that cyber criminals will start sending emails to the affected organizations to demand payment.

They will likely threaten to post the stolen data online for other hackers to obtain.

Victim organizations are reminding staff to be alert to any suspicious emails that could lead to further cyberattacks.

Although no official attribution has been made, Microsoft has said it believes the criminals responsible are linked to the notorious Cl0p ransomware group, which is believed to be based in Russia.

In a blog post, the US tech giant said it attributed attacks to Lace Tempest, known for its ransomware operations and running the Cl0p extortion website where victim data is posted. The company said the hackers responsible had used similar techniques in the past to steal data and extort victims.

“This latest round of attacks is yet another reminder of the importance of supply chain security,” said John Shier of cybersecurity firm Sophos.

“Although Cl0p has been linked to this active exploit, it is likely that other threat groups are also ready to use this vulnerability,” he added.