BBC, Boots and British Airways affected by malware gang attack

A

cyber
attack
against
document
transfer
app
MOVEit
has
resulted
in
data
breaches
of
several
high-profile
UK
organizations
and
businesses.
Those
affected
includes
the
British
Broadcasting
Company
(BBC),
health
and
beauty
retailer
Boots
and
UK-based
airline
British
Airways. 

The
attack
involved
the
exploitation
of
a
critical
vulnerability
in
MOVEit’s
infrastructure
which
allows
malicious
actors
to
break
into
company
networks
and
steal
data.
The
vulnerability
was
flagged
by
security
researchers
and
the
US
government
on
June
1.
The
US
Cybersecurity
and
Infrastructure
Security
Agency
(CISA)
urged
all
MOVEit
clients
to
check
for
indications
that
malicious
actors
had
gained


unauthorized
access
to
their
networks
over
the
past
30
days
and
to
download
and
install
the
software
patch
released
by
MOVEit
to
address
the
issue. 

On
June
5,
payroll
provider
Zellis
issued
a
statement
that
its
third-party
provider,
MOVEit,
had
been
the
victim
of
a
cyber
attack,
leading
to
data
breaches
for
some
of
its
customers.
Zellis’
customers
include
a
number
of
high-profile
companies
such
as
Dyson,
Harrods,
Sky,
Land
Rover
and
Jaguar.
According
to
Zellis,
however,
only
a
“small
number
of
[its]
customers
[were]
impacted
by
this
global
issue”. 

Once
Zellis
became
aware
of
the
attack,
the
company
disconnected
its
server
that
utilizes
MOVEit
software
and
engaged
an
external
cyber
security
company
to
conduct
a
forensic
investigation
into
the
cyber
attack
and
to
further
monitor
its
systems.
The
Information
Commissioner’s
Office
(ICO),
the
Data
Protection
Commission
(DPC)
and
the
National
Cyber
Security
Center
(NCSC)
in
both
the
UK
and
Ireland
have
also
been
contacted
regarding
the


cyber
security
incident.

The
attack
against
MOVEit
was
allegedly
carried
out
by


ransomware
gang
Clop.
Clop
ransomware
was
first
identified
in
February
2019.
The
gang
has
appeared
to
be
getting
more
active
in
the
past
few
months,
with
more
victims’
details
posted
to
the
Clop

malware
leaks
site,
including
a
cyber
attack
carried
out
against
cyber
security
company
Fotra
GoAnywhere.

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts