Ofcom, the UK regulator for the communications industry, has announced that it has been a victim of the MOVEit cyber-attack believed to have been carried out by Russian cyber gang Clop. MOVEit is a popular tool created by Progress Software which is used by organisations to share sensitive information with partners or customers. The cyber criminals took advantage of a vulnerability in the third-party software to gain access and steal data, resulting in Ofcom being affected through software that was not even their own!
This type of attack is known as a supply chain attack. It was first disclosed when Progress Software revealed that cyber criminals had found a way to gain access to the popular transfer tool.
Alarmingly, even companies that do not use the tool may have been affected through third-party arrangements. An example of this is given in the BBC News article on the subject (the full article can be viewed via the useful links section below):
“The BBC, for example, has had data from current and past employees stolen because Zellis, a company that the broadcaster uses to process the payroll, used MOVEit and fell victim.
It is understood eight companies that use Zellis are affected, including the airlines British Airways and Aer Lingus, as well as the retailer Boots. Dozens of other UK companies are thought to be using MOVEit.”
The cyber criminals have threatened to reveal the data they have stolen if negotiations do not begin soon. Despite this, victims are always discouraged from paying, as it funds the growth of criminal organisations and makes the victim a more likely target. Additionally, there is no guarantee that the criminals will not just go and release the data anyway or use it for secondary attacks.
The vulnerability was discovered last month and has been recently patched by the vendor.
A statement from Ofcom on the attack says:
“A limited amount of information about certain companies we regulate – some of it confidential – along with personal data of 412 Ofcom employees, was downloaded during the attack.
The security of commercially confidential and sensitive personal information provided to Ofcom is taken extremely seriously.
We took immediate action to prevent further use of the MOVEit service and to implement the recommended security measures. We also swiftly alerted all affected Ofcom-regulated companies, and we continue to offer support and assistance to our colleagues.
No Ofcom systems were compromised during the attack.”
The spate of attacks on high-profile targets such as the BBC, British Airways and now Ofcom, amongst others, demonstrates that these attacks are not the work of chancers or amateurs. They are carried out by highly skilled, determined individuals who have meticulously planned out every move.
Progress Software issues continue…
Prior to this vulnerability, Progress Software announced another vulnerability in the product, this time brought to their attention by security researchers. It is believed this vulnerability may have had a similar impact to the one mentioned above.
This highlights the need to ensure that any software that you use is regularly updated and patched. You must choose the software you use carefully and with due diligence. It is also important to conduct research on the vendor to ensure they handle your data securely. If the vendor no longer offers security updates, then find an alternative; it's not worth the risk!
Useful links:
Computer Weekly article on the topic:
https://www.computerweekly.com/news/366541003/Ofcom-data-stolen-in-MOVEit-cyber-attack
Ofcom statement on the attack:
https://www.ofcom.org.uk/news-centre/2023/ofcom-statement-on-moveit-cyber-attack
Cyber Security Hub article on the attack:
https://www.cshub.com/attacks/news/british-watchdog-ofcom-latest-victim-of-moveit-attack
BBC news article on the attack:
https://www.bbc.co.uk/news/technology-65877210