Cyber Security News Roundup – 12th June 2023

It's a new week, and that means a round up of some of the cyber security and data protection news headlines over the last 7 days! To learn more about each story, click the headings.

Clop ransomware claims responsibility for MOVEit extortion attacks

5/6

The Clop ransomware operation returned to the headlines last week, after confirming to Bleeping Computer that they are behind a new wave of cyber-attacks. Clop has been actively exploiting a zero-day vulnerability in the MOVEit file transfer service in order to breach servers and steal data from “hundreds of companies”. A representative from the ransomware group also confirmed that the vulnerability has been exploited since the 27^th of May, with Clop known for conducting large-scale attacks during holidays due to minimal staff levels. Clop did not confirm the number of victims that have been breached, however stated that stolen data would be published on their leaks site if ransom demands are not met – the group also did not confirm that extortions had begun, with Clop known to take time (up to a month in some cases) to review what data is valuable for leverage purposes. (Bleeping Computer)

British Airways, Boots and BBC among companies hit by cyber security attack

5/6

British Airways, Boots and the BBC have notified thousands of their employees that they have been affected by suspected Clop breaches targeting the MOVEit file transfer software used by Zellis, a UK payroll provider which serves nearly half of FTSE 100 companies.  The Clop attacks highlight the risk of cyber criminals targeting flaws along software supply chains, with eight of Zellis' UK customers known to have been affected, and more expected in the US.  It is likely that if Zellis or their partners do not pay ransom demands (which with the Clop operation are regularly above $1 million) then the stolen data will be published and put up for sale – the “hack and leak” nature of the breaches makes it all but certain that the criminals are financially, and not politically, motivated. (Financial Times)

Japanese pharma giant Eisai discloses ransomware attack

8/6

One of Japan’s largest pharmaceutical companies, Eisai, have fallen victim to a ransomware incident that saw cyber criminals encrypt several of their servers. The incident was first detected on the 3^rd of June, which led to Eisai implementing their incident response plan and launching an investigation, as well as notifying the relevant authorities. Immediately after discovering the attack Eisai took many of their IT systems offline to contain any damage and prevent further spread, and until their investigations have concluded Eisai has been forced to keep several of its systems, including both inside and outside of Japan, offline. It is still being investigated, however there is a potential risk of data leakage. (Bleeping Computer)

HSE impacted by cyber attack involving outside provider

9/6

The Health Service Executive of Ireland became yet another victim of the MOVEit zero-day vulnerability attacks last week. The HSE first became aware of the incident on the 8^th of June, after being alerted by their external service provider EY. In a statement, the HSE confirmed that the attack was criminal in nature, with stolen data including names, addresses, mobile numbers, and general information, but no other personal identification data or financial information. Ireland’s Health Service Executive was previously the victim of a major cyber attack in May 2021, with the State spending watchdog outlining €657 million of investment required to implement cyber security measures over 7 years. (RTÉ)

University of Manchester hit by cyber attack

10/6

The University of Manchester has been targeted by a cyber attack, with the university's chief operating officer comfirming that data may have been copied. The university stated that there was no known link between this incident and the recently exploited MOVEit zero-day vulnerability, adding that staff are working around the clock to resolve the incident. The Information Commissioner's Office, the National Cyber Security Centre and National Crime Agency have also been notified and are now working with the university (BBC News)

Attempted cyber attacks occur every second, and as we can see from the recent headlines, constantly change in nature. It's vital that your organisation is as protected as possible from all forms of cyber crime, so Contact Celerity to find out how we could protect your business!