MOVEit cyber attack – Don’t let it be you!

Clop Cyber Gang

The UK communications regulator Ofcom has announced that it has been targeted by the Clop cybercrime gang, which predominantly operates in the Russian-speaking region. The attack exploited a SQL injection vulnerability in Progress Software’s MOVEit Transfer managed file transfer service. Ofcom acknowledged that a limited amount of information, including confidential data pertaining to the companies it regulates and the personal details of a number of employees, was downloaded during the breach.

Others victims

And Ofcom is not the only affected organisation. Boots, the BBC, and British Airways were also victims of the breach.

Ofcom’s statement

Ofcom’s statement emphasised the utmost seriousness with which it treats the security of commercially sensitive information and personal data entrusted to its care. Immediate measures were taken to prevent further exploitation of the MOVEit service, and the recommended security protocols were implemented promptly. The regulator also wasted no time in notifying the affected companies under its supervision, offering ongoing support and assistance to its colleagues. Importantly, none of Ofcom’s internal systems were compromised during the attack.

Marijus Briedis, the Chief Technology Officer of NordVPN, remarked that this data breach, accomplished right under the nose of the UK’s media regulator, will undoubtedly enhance the reputation of the cybercriminals responsible for the MOVEit hack. The scale of the attack, coupled with the prominent victims such as the BBC, British Airways, and now Ofcom, strongly suggests meticulous planning on the part of the perpetrators.

Briedis further noted that this significant data theft would elevate the attackers’ standing in the competitive ransomware-for-hire market thriving on the dark web. It also underscores the persisting risk of supply chain attacks in the UK, with opportunistic hackers exploiting vulnerabilities in third-party services as a means to target high-value victims in the future.

Deadline

As the deadline imposed by Clop approaches, victims are urged to make contact to avoid the potential leakage of their data online. More details about additional victims continue to emerge, including Ireland’s Health Service Executive (HSE), which previously fell victim to a major ransomware attack orchestrated by the Conti cybercrime syndicate. The HSE, like several other victims, suffered a breach through a supply chain attack via its service provider, EY, who employed MOVEit Transfer.

MOVEit

Progress Software, the company responsible for MOVEit, has encountered further complications. Prior to the recent incident, the company disclosed another vulnerability in the product, identified with the assistance of independent researchers, which could potentially have a similar impact. A patch addressing this vulnerability was issued on 9 June, and MOVEit Transfer users can obtain further information about the vulnerability through relevant channels.

Did you know?

This is a serious situation, with small businesses being attacked 3 x more than their larger counterparts. Hackers feast on anyone.

Do you need Cybersecurity Support for your business?

You need the best IT cybersecurity support in London. Technology is complicated and expensive, and attacks are costly.

We’re unique because…

• We don’t tie our clients into long-term contracts. We don’t feel the need to
• We don’t enforce our technical stack on you | each client’s needs are bespoke, and we work for you, not for us
• We have 5* Google ratings from genuinely satisfied clients
• 80% of our growth has been through current client referrals
• We’re proud to have 100% client retention since Penntech was established
• We’ve achieved the above through our customer obsession, passion for innovation, and commitment to service excellence.  Everyone could say that but ask our current clients.

We’re always just a phone call away; we live and breathe IT services. We’re here to help your business with anything that could go wrong with your systems or devices.

Contact us today or explore the range of support packages on offer.

 
 
 
 
 
 
 
  
 
 
  
 
 Me Mo 
 
10 February 2023
 
 
  
We cannot recommend Penntech highly enough for their continuous IT support, we have worked with them for years and there is truly nothing that they cannot solve or help with. Their vast amount of knowledge and speed in response is second to none.
  
 
  
 
 
  
 
 Alasdair Gray 
 
6 February 2023
 
 
  
We have been using Penntech for around 6 years now and have had a great experience. Every member of the team we interreact with is friendly and helpful and our queries are always answered quickly.
  
 
  
 
 
  
 
 Chris Sheasby 
 
22 March 2021
 
 
  
I've known Lewis since working with him at CIFF in 2011.  More recently, he has built-up an excellent business which supports a number of my past and present clients.  He also supports my business.  Lewis is first rate and equally importantly, he has built a good team around him to provide quality, responsive IT support.  I can't recommend Penntech highly enough.
  
 
  
 
 
  
 
 Rebecca Groves 
 
20 July 2020
 
 
  
Penntech have worked with us for a number of years now and have always gone above and beyond to provide an efficient professional service in every circumstance. Their friendly responsive approach is refreshing and nothing is too big or too small to assist with.
  
 
  
 
 
  
 
 nick groves 
 
20 July 2020
 
 
  
Lewis and his team are fantastic! Highly recommended
  
 
  
 
 
  
 
 Demstone Chambers 
 
29 May 2020
 
 
  
Friendly and approachable, but also excellent technically. As a barristers chambers  we have industry-specific data protection requirements. Penntech showed in-depth knowledge about the interaction between these requirements and technical IT aspects.
  
 
  
 
 
  
 
 Marion Caillat 
 
20 May 2020
 
 
  
Penntech helped us migrate and merge our inbox's for our small restaurant and bar group. They were super efficient and got everything done within 24 hours. I highly recommend them and will be using them again.
  
 
  
 
 
  
 
 Jonathan Davies 
 
18 May 2020
 
 
  
Heartstyles have worked with Penntech for 3 years. The initial brief to sort out our global IT requirements. Penntech have always been refreshing clear in their comms, avoiding IT gobbledygook. No job has been too small to support and they always deliver above and beyond what was required and within budget. They clearly know what they’re doing and the level of service is always outstanding
  
 
  
 
 
  
 
 leigh ryan 
 
18 May 2020
 
 
  
Lewis and the team at Penntech are seen very much as an extension of our business. They are professional, technically brilliant, don't over complicate things, very friendly and the staff feel comfortable dealing with them on a daily basis.  They have a good understanding of our needs and go above and beyond to ensure we can get on with our day to day business, safe in the knowledge that if anything goes wrong technically that Penntech will resolve it efficiently. Leigh Ryan, CIO, MGAM Ltd
  
 
  
 
 
 
 
 
 
 Google rating score: 5.0 of 5, based on 24 reviews