A recent ransomware attack targeting several major UK corporations has once again highlighted the significant risks organizations face when the cybersecurity measures of their third-party providers are not as robust as expected.
The hacking group known as Clop admitted to breaching MOVEit, a software product widely used by businesses for secure data file transfers.
According to reports, one of the notable victims of the attack is Zellis, a UK-based payroll services provider, which confirmed that personal data belonging to high-profile clients like the BBC, British Airways, Aer Lingus, and Boots had been stolen. This breach has raised concerns about the exposure of sensitive information, including employees' home addresses, national insurance numbers, and bank details.
Clop has demanded a ransom from the affected companies, giving them until June 14 to pay in order to prevent the stolen data from being published. This reflects the growing trend of ransomware attacks where hackers not only encrypt data but also threaten to release it if their demands are not met.
Supply chain attacks, such as this incident, are increasingly favored by hackers as a means to infiltrate multiple organizations. This strategy was notably demonstrated in the massive data breach involving software vendor SolarWinds in the United States. Satnam Narang, a senior staff research engineer at cybersecurity vendor Tenable, emphasizes the vulnerability of organizations and warns, "The writing is on the wall: File transfer solutions are a prime target for ransomware groups." This highlights the urgent need for organizations to strengthen their cybersecurity measures, particularly in relation to file transfer systems.
Elliott Wilkes, Chief Technology Officer at cybersecurity firm Advanced Cyber Defence Systems, suggests establishing a cybersecurity risk assessment as part of a company's commercial and procurement processes. Wilkes advises organizations to thoroughly evaluate the security posture and cyber maturity of vendors before entering into contracts. Even if organizations lack extensive cybersecurity expertise, Wilkes suggests looking for key indicators of maturity, such as cybersecurity accreditations like ISO 27001, SOC 2, or the UK's Cyber Essentials Plus. This proactive approach helps organizations assess the capabilities of their vendors and identify potential risks early on.
To further mitigate the risk of such attacks, Wilkes suggests hiring a security company to perform a risk assessment and potentially a penetration test of any in-house systems earmarked for review. Similarly, companies can ask potential suppliers to undergo such testing before engaging with them. These proactive measures can help organizations identify vulnerabilities and ensure that their third-party providers meet the necessary security standards.
Lorri Janssen-Anessi, the director of external cyber assessments at cybersecurity firm BlueVoyant, emphasizes the importance of affected organizations keeping their software up to date. Janssen-Anessi recommends updating to the latest patched version of MOVEit Transfer, the software that was compromised in this attack. Additionally, organizations should assess the extent of the damage already incurred and communicate clearly with their staff. Janssen-Anessi advises organizations using the transfer platform to check for potential signs of unauthorized access over the past 30 days, as hackers may have installed malware like "web shells" to enable further cyberattacks.
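One way to run the 30-day check for web shells described above, as an added example that is not part of the original article: it flags server-side script files under a web root that are missing from a known-good baseline, differ from it, or changed inside the review window. The extension list, the function names and the file names in the demo are assumptions and do not describe MOVEit's actual layout.

```python
import hashlib
import os
import tempfile
import time
from pathlib import Path

# Server-side script extensions to review (assumed list; adjust to the platform).
SCRIPT_EXTS = {".aspx", ".ashx", ".asp", ".php", ".jsp"}

def sha256_of(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def audit_web_root(root, baseline, days=30, now=None):
    """Return (relative_path, reason) pairs; baseline maps relative path -> SHA-256."""
    cutoff = (time.time() if now is None else now) - days * 86400
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in SCRIPT_EXTS:
            continue
        rel = path.relative_to(root).as_posix()
        if rel not in baseline:
            findings.append((rel, "not in baseline"))
        elif sha256_of(path) != baseline[rel]:
            findings.append((rel, "content differs from baseline"))
        elif path.stat().st_mtime >= cutoff:
            findings.append((rel, "modified inside review window"))
    return findings

def write_file(path, body, mtime):
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_bytes(body)
    os.utime(path, (mtime, mtime))

def demo():
    """Audit a constructed web root; every file name here is made up."""
    with tempfile.TemporaryDirectory() as root:
        now = time.time()
        old = now - 90 * 86400
        for name in ("login.aspx", "report.aspx", "logo.png"):
            write_file(Path(root, name), name.encode(), old)
        baseline = {n: sha256_of(Path(root, n)) for n in ("login.aspx", "report.aspx")}
        # Constructed changes after the baseline: a new script, and an edited
        # script whose timestamp still looks old (mtime alone would miss it).
        write_file(Path(root, "sub", "helper.aspx"), b"new", now)
        write_file(Path(root, "report.aspx"), b"edited", old)
        return audit_web_root(root, baseline, now=now)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Comparing against a baseline taken from a known-good install matters because file timestamps alone are not reliable evidence; anything flagged still needs manual review alongside the server's access logs.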
Phil Robinson, a principal consultant at cybersecurity consultancy Prism Infosec, stresses the significance of established security practices in minimizing the risk of similar incidents. He suggests maintaining up-to-date software, implementing a regular patch management policy, and conducting regular penetration testing and security auditing. By adopting these practices, organizations can reduce their attack surface and strengthen their defenses against cyber threats. Robinson also points to the need for businesses to prioritize minimizing data exposure and conducting due diligence when assessing the level of risk associated with third-party software. He notes, "We could well see more of these types of extortion attacks, so businesses no longer need to just focus on backing up their data."
The recent ransomware attack serves as a stark reminder of the importance of robust cybersecurity measures, thorough risk assessments, and vigilant monitoring of third-party providers. Organizations must prioritize cybersecurity in their procurement processes, evaluate vendors' security posture, and ensure that necessary measures such as regular updates, patch management, and testing are in place. By taking these proactive steps, businesses can minimize the risks associated with supply chain attacks and better protect their sensitive data and operations.
By fLEXI tEAM