WithSecure Comment: BA, BBC, Nova Scotia gov, Boots hit by MOVEit Supply Chain attacks
Tim West at WithSecure offers his thoughts on the BA, BBC, Nova Scotia’s government and Boots MOVEit supply-chain attack.
“Looking past the immediate event, it’s important to note the possibility of the use of stolen data in further social engineering attacks. BA, for example, noted payment information of its employees was stolen, but organisations should expect the bulk of data to be ransomed or uploaded to a leak site.
It’s yet another reminder of the risks posed through supply chain exposure.
While there isn’t an awful lot that organisations running MOVEit should have done to mitigate the risk against this particular unknown, details are still emerging. We may yet understand more about why some organisations running the service don’t appear to have been impacted.
It does show that once again organisations have been impacted as a result of a compromise to other organisations tasked with processing their data. “