Three of the UK’s most well-known brands – the BBC, British Airways and Boots – have each been given an ultimatum by a cybercrime gang known as Cl0p, which claims to have stolen the personal details of over 100,000 people employed across at least six organizations in total.
Cl0p is thought to have exploited a zero-day vulnerability in the MOVEit document transfer app as an entry point to carry out a supply-chain attack. As reported by the BBC, “The criminals found a way to break into a piece of popular business software called MOVEit and were then able to use that access to get into the databases of potentially hundreds of other companies.”
The list of victims also includes Zellis, a payroll services provider whose customers include the organizations on the current list of victims, among other businesses. According to The Register, those responsible “had been ‘mass exploiting’ the SQL-injection vulnerability in MOVEit for at least a month to break into IT environments and steal data.”
If the companies have not contacted Cl0p by June 14th, its demand says, stolen data will be posted online. This is thought to include details such as names, addresses and even bank details.
Commenting on the incident, Matt Cavey, Director of Cloud Architecture at Glasswall, said:
“The importance of safeguarding the software supply chain has gained significant attention due to its vulnerability to malicious actors aiming to compromise software and introduce vulnerabilities. The aftermath of the SolarWinds attack, in particular, has prompted increased scrutiny and emphasis on protecting the supply chain.”
He continued, “This heightened focus is exemplified by President Biden's executive order, which seeks to bolster the nation's cybersecurity posture by establishing baseline security standards for government-purchased software, implementing a Software Bill of Materials (SBOM) for critical software, and advocating for secure software development practices. As this attack targeted the commercial sector, it reinforces the need for companies to similarly elevate their expectations of software vendors to ensure enhanced security measures, mirroring the actions taken by the US government.”