Thursday, May 14, 2026

BBC, BA, Nova Scotia among first big-name victims in global hack

Cybersecurity officials in the United States and Britain have warned that a Russian cyber-extortion gang's hack of a file transfer program popular among corporations could have widespread global impact. Initial victims of the data theft included the BBC, British Airways and the Nova Scotia government.

“This is potentially one of the biggest breaches in recent years,” said Brett Callow, an analyst at cybersecurity firm Emsisoft. “We’ll have a better idea of how important this is as more details emerge about the number and type of organizations affected.”

The Cl0p ransomware syndicate announced on its dark website late Tuesday that its victims, which it suggests number in the hundreds, had until June 14 to get in touch to negotiate a ransom or risk having their stolen sensitive data dumped online.

The exploited program, MOVEit, is widely used by businesses for secure file sharing. Its US manufacturer’s parent company, Progress Software, alerted customers to the breach on May 31 and issued a patch. But cybersecurity researchers say dozens, if not hundreds, of companies may have had sensitive data quietly exfiltrated.

“There are certainly organizations that don’t even know they’re affected yet,” said Caitlin Condon, a senior manager of security research at cybersecurity firm Rapid7, noting that MOVEit is particularly popular in North America.

“We have seen a wide range of organizations affected by this attack in healthcare, financial services, technology, manufacturing, insurance, government and more,” Condon said by email, adding that more companies can be expected to disclose data theft, particularly “as regulatory reporting requirements come into play.”

Asked to confirm the identities of several reported victims, a Cl0p spokesperson responded to an Associated Press email inquiry, saying: “We have not yet reviewed the company’s files, as you can see on our site; we have given the opportunity to companies to decide their privacy before our actions.”

Zellis, a leading UK payroll service provider serving British Airways, the BBC and hundreds of others, was one of the affected users. Zellis said Monday that a “small number” of its clients have been affected by what cybersecurity professionals call a supply chain breach, because the compromise of a single software vendor can have such a profound impact.

“We have notified those colleagues whose personal information has been compromised to provide support and advice,” British Airways said in a statement.

The BBC, which employs around 22,000 people worldwide, said it was working with Zellis as it sought to establish the scope of the leak. The broadcaster said in an email sent to all UK staff and freelancers on Monday that data including dates of birth, national insurance numbers and home addresses have been released. But it said bank account details had apparently not been compromised and there was “no evidence that the data was being exploited.”

UK pharmacy chain Boots, which employs more than 50,000 people, also said it had informed staff about the hack.

The Nova Scotia government confirmed on Sunday that it was among the victims and said that the data of some residents was exposed. The Canadian province’s health authority uses MOVEit to share sensitive and confidential information.

The University of Rochester issued a statement last Friday suggesting it was among the victims, but a spokeswoman, Sara Miller, would not confirm that it used MOVEit or discuss what data was stolen.

‘Extremely sensitive data’

“What’s puzzling about MOVEit is that enterprise organizations use it almost exclusively to share extremely sensitive data with each other,” said Jared Smith, a threat analyst at cybersecurity firm SecurityScorecard. Basically, these are companies that don’t trust Dropbox or Google Drive to be secure enough for their business.

And that specifically means the kind of sensitive data that “adds more fuel to the fire of the already existing identity theft ecosystem,” said Alex Heid, director of research at SecurityScorecard.

The company discovered 2,500 vulnerable MOVEit servers in 790 organizations, including 200 government agencies. Smith said it was not possible to break down those agencies by country. It was not known how many vulnerable MOVEit servers were hacked.

Hackers have been actively seeking out targets, penetrating them and stealing data since at least March 29, Smith said.

Cl0p is among the world’s most prolific cybercrime syndicates, and this is not the first time it has breached a file transfer program to gain access to data it could then use to extort businesses. Other instances include GoAnywhere servers in early 2023 and Accellion file transfer app devices in 2020 and 2021.

In a joint advisory issued Wednesday, the US Cybersecurity and Infrastructure Security Agency and the FBI said Cl0p is estimated to have “compromised more than 3,000 US-based and 8,000 global organizations.”

“Because of the speed and ease (with which) it has exploited this vulnerability and based on its past campaigns, the FBI and CISA expect to see widespread exploitation of unpatched software services on public and private networks.”

Cl0p claims it does not extort money from governments, cities or law enforcement agencies, but cybersecurity experts say that is likely a tactic to try to avoid direct conflict with law enforcement, and that the financially motivated gang cannot be trusted to make good on its promise to wipe the stolen data from those targets.
