Cyber security experts are bracing for a possible wave of blackmail following the discovery of a vulnerability in encrypted file-sharing software that hackers used to attack a number of companies, including British Airways and the BBC. This is reported by Bloomberg.
Several companies and a Canadian province said they are dealing with violations related to Progress Software Corp.’s MOVEit secure file transfer product. The vulnerability allowed hackers to steal files that companies uploaded to MOVEit.
This led to warnings about the danger that came from the US Department of Homeland Security, the UK’s National Cyber Security Center, Microsoft Corp. and Mandiant. Eventually Progress released an update for the software.
“When we discovered the vulnerability, we promptly launched an investigation, alerted MOVEit customers about the issue and provided immediate mitigation steps,” company spokesperson John Eddy said.
According to Allan Liska, senior intelligence analyst at Recorded Future Inc., publicly available data sources show that there are thousands of vulnerable MOVEit servers that could have been affected by the software bug.
CTO of Mandiant, Charles Carmakal, reported that the first case of MOVEit exploitation happened on May 27.
“We’re expecting the extortion communications to start anytime within the next four weeks or so,” he said. “There is a lot of data that the threat actor has to sort through. When the extortion starts, it will probably carry on for a few months.”
British Airways, pharmacy chain Boots and the BBC have told thousands of employees that personal information may have been compromised in a cyber attack on their payroll provider, Zellis.
We will remind that recently russian hackers hacked GSC Game World and received materials for the game S.T.A.L.K.E.R. 2. The company asked not to view or share spoilers.