Ofcom have confirmed, while giving little further information, that they too were victims of the mass cyber-attack currently affecting MOVEit, a secure file transfer service.
Ofcom state that 412 Ofcom employees fell victim to this hack, and that confidential information on companies they regulate was also affected.
Ofcom state that after discovering the breach, they swiftly alerted all affected parties. This includes the employees, past and current, as well as the companies. While no payroll data was affected in this case, Ofcom state that they “took immediate action to prevent further use of the MOVEit service and to implement the recommended security measures.”
After this, Ofcom reportedly referred the matter to the data and privacy watchdog, the Information Commissioner’s Office (ICO). Luckily, Ofcom say that no systems were compromised during the attack.
The MOVEit hack was a breach of software designed to move confidential files, such as employee and payroll information. Because of these capabilities, the software is used by companies all around the world.
Even those using the software indirectly have been affected: the BBC fell victim after the payroll services provider Zellis was hit by the hack, and had private data stolen from its employees, including staff ID numbers, dates of birth, home addresses and national insurance numbers.
The BBC are only one of eight client firms that Zellis have reported to have had information breached.
How did it happen?
The hack was first reported by the US company Progress Software, the creators of the MOVEit software. They announced that hackers had found a way to break into the transfer tool. Progress said they alerted customers as soon as the hack had been discovered, and quickly released a security update worldwide.
A spokesperson stated the company is working with law enforcement in an attempt to “combat increasingly sophisticated and persistent cybercriminals intent on maliciously exploiting vulnerabilities in widely used software products”.
Despite the security update, researchers such as Kevin Beaumont say scans have revealed thousands of company databases may still be at risk. This is because firms have simply not yet installed the fix.
Experts predict that the hackers will attempt to extort money from the organisations instead of individuals. While no ransom demands for this have been released yet, it’s expected that cyber-criminals will begin emailing affected parties to demand payment. The most likely threat, according to experts, is that the hackers will threaten to publish the stolen data for other hackers to view and pick through.
Following the attack, victim organisations are urging staff to avoid any suspicious emails that could lead to further cyber attacks, either on their organisation or on them personally.
So, who did it?
So far, there has been no official statement as to who is behind the cyber attack. Despite this, Microsoft say they believe the infamous Russian ransomware group, Cl0p, are behind the attack. The tech giant states that it has been attributing this attack to Lace Tempest. Lace Tempest is an individual known for ransomware operations and for being the leader of the Cl0p extortion site. This site is where the data of the victims is published. Microsoft say the hackers responsible have used similar methods in the past to extort victims and steal data.
“This latest round of attacks is another reminder of the importance of supply chain security. While Cl0p has been linked to this active exploitation it is probable that other threat groups are prepared to use this vulnerability as well.”
John Shier, of cybersecurity company Sophos
The National Crime Agency (NCA) state they are aware multiple UK organisations were impacted by a cyber ‘incident’. They also attribute this to the security flaw found in the MOVEit software.
The NCA also added that they were ‘working with partners to support those organisations and understand the full impact on the UK’.