Home Business MoveIt hack: What action can data-breach victims take?

MoveIt hack: What action can data-breach victims take?

by news

More than 100,000 people have been warned their personal data is in the hands of cyber-criminals as a result of a continuing mass hack.
The BBC, British Airways, Aer Lingus and Boots are among the companies whose staff have been affected by the MoveIt data breach.
And more organisations are expected to issue staff warnings, as the extent of the breach is discovered.
But what action can those caught up in mass hacks take?
In the early stages of an attack such as this, the most pressing advice is aimed at the organisations.
Hackers are not interested in going after individuals – it is too time consuming and they care about one thing only, getting paid.
And they will probably send ransom demands to the organisations breached, asking for the cryptocurrency Bitcoin.
"The important message to organisations right now is not to panic, to install the security patch and not to pay the criminals," former National Cyber Security Centre lead Prof Ciaran Martin says.
But once an organisation has been breached, the hackers have the upper hand.
And the criminals thought to be responsible for the MoveIt hack are notoriously ruthless with their extortion techniques.
The hackers often take time to consider their extortion tactics.
"Some prior incidents involving these criminals have seen victims not contacted until weeks after data was stolen – so if you don't hear from them in the coming days, you are not in clear," Mandiant Intelligence senior manager Kimberly Goody says.
The group, thought to be based in Russia, will then contact a company email address, demanding payment not to publish the stolen data online, Mandiant research suggests.
These demands are usually in the seven- or eight-figure range, Mandiant experts say, but there have been ones over $35m (£28m).
And law enforcement agencies around the world advise organisations not to pay, as it fuels the growth of these criminal gangs.
For individuals, the advice is also not to panic but to be suspicious.
If your organisation refuses to pay the criminals, there is a good chance they will publish the data on the dark web or try to sell it to other hackers.
But there are many steps between that and you losing money.
"There really is an important message not to panic, as it's very unlikely that organisations have been storing data like full bank details which can lead directly to sort of financial harm," Prof Martin told BBC Radio 4's Today programme.
And although some organisations, such as British Airways, say some staff bank details have been stolen, this was highly unlikely to lead to individuals' bank accounts being drained.
The risk, experts say, is from secondary attacks, where hackers use the details they have to trick victims into revealing more details.
So the advice is to look out for suspicious emails and phone calls – particularly ones about the hack.
In a typical scam, individual victims might receive a message claiming to be from their organisation, asking them to log in and verify their account because "fraudulent activity has taken place".
Things to look out for, experts say, include:
The MoveIt breach is likely to become more serious as other companies discover they have been hacked – but, experts say, data stolen in previous hacks has been published in an obscure corner of the dark web, with little consequence to individuals.
BBC, BA and Boots among victims of mass payroll hack
Capita hack: 90 organisations report data breaches
Floods sweep region after huge Ukraine dam destroyed
Russia and Wagner clash over Ukraine attack claims
Harry: I couldn't trust anyone due to phone hacking
What we know about Ukraine dam incident
'Thicko, cheat, underage drinker' – Key extracts from Prince Harry's statement
The fake job that snared FBI agent spying for Moscow
Can UK’s Storm Shadow missiles change Ukraine war?
Why Putin has put this religious art on display
The one thing Mike Pence needs to beat his old boss
Who is no longer world's richest? Our quickfire quiz…
Jason Derulo makes 'unsexy' investment in car wash
Why personalised medicine hasn't arrived
The rise of the 'no-wash' movement
Why the city that never sleeps is slowly sinking
The generation clocking the most hours
© 2023 BBC. The BBC is not responsible for the content of external sites. Read about our approach to external linking.


Related Posts