British Airways, BBC, and Boots are three of thousands of firms which
have been hit by massive Russia-linked hack [1].
The MOVEIt Transfer vulnerability which criminals have been mass
exploiting for at least a month has allowed hackers access to personal
data including contact, details, national insurance numbers, and bank
details.
Please see a comment from Satnam Narang, Senior Staff Research Engineer
at Tenable [2]:
“We know that ransomware groups have found massive success by double
extorting victims: encrypting files within a targeted organization,
stealing sensitive files and threatening to publish them on the dark web
if the organization doesn’t pay up. However, we’ve also noticed a trend
over the last few years, as groups have either pivoted away from or were
created without file encryption, focusing solely on data theft and
extortion. Since late 2020, file transfer appliances and solutions from
Accellion to GoAnywhere have become a valuable target for
cybercriminals, specifically ransomware groups like Clop who have
managed to breach hundreds of organizations that rely on these solutions
to transfer sensitive data. While we don’t know the specifics around the
group behind the zero day attacks involving MOVEit, it underscores a
worrisome trend of threat actors targeting file transfer solutions.
Organizations that use MOVEit software should assume compromise and
engage in incident response to determine the potential impact, if any.”
