What can victims of the MOVEit data breach do?
As a result of an ongoing major attack, more than 100,000 people have been alerted that their personal information is in the hands of cybercriminals.
Among the firms whose employees have been affected by the MOVEit data leak are the BBC, British Airways, Aer Lingus, and Boots.
As the scope of the breach is revealed, more organizations are expected to issue employee warnings.
But what can those affected by mass cyberattacks do?
Don’t freak out.
The most pressing advice in the early phases of an attack like this is aimed at the organizations.
Hackers aren’t interested in going after individuals because it takes too much time, and they only care about one thing: getting paid.
And hackers will almost certainly send ransom demands to the compromised organizations, demanding payment in the cryptocurrency Bitcoin.
“The important message to organisations right now is not to panic, to install the security patch and not to pay the criminals,” former National Cyber Security Centre lead Prof Ciaran Martin says.
But once an organisation has been breached, the hackers have the upper hand.
Should paying ransoms to hackers be prohibited?
According to a study, UK businesses are the most inclined to pay hacker ransoms.
And the criminals suspected of being behind the MoveIt hack are notoriously ruthless in their extortion methods.
The hackers are often deliberate about their extortion strategies.
“Some prior incidents involving these criminals have seen victims not contacted until weeks after data was stolen – so if you don’t hear from them in the coming days, you are not in the clear,” Mandiant Intelligence senior manager Kimberly Goody adds.
According to Mandiant research, the group, which is thought to be based in Russia, will then contact a company email address and demand payment not to publish the stolen data online.
According to Mandiant analysts, these demands are often in the seven- to eight-figure range, but some have exceeded $35 million (£28 million).
And law enforcement agencies all over the world warn businesses not to pay because it feeds the growth of these criminal gangs.
Individuals are advised not to panic, but rather to be cautious.
If your organisation refuses to pay the crooks, there is a strong possibility they will publish the material on the dark web or try to sell it to other hackers.
However, there are several steps between that and you losing money.
“There really is an important message not to panic, as it’s very unlikely that organisations have been storing data like full bank details which can lead directly to sort of financial harm,” Prof Martin told BBC Radio 4’s Today programme.
And, while some organizations, such as British Airways, claim that some staff bank details were stolen, it is highly unlikely that this resulted in individuals’ bank accounts being drained.
According to experts, the risk comes from secondary attacks, in which hackers use the information they have to trick victims into revealing more information.
So, be on the lookout for strange emails and phone calls, particularly those concerning the hack.
Don’t log in
Individual victims may receive a message claiming to be from their organization, requesting that they log in and validate their account because “fraudulent activity has occurred.”
Experts recommend keeping an eye out for the following:
- official-sounding messages about “resetting passwords”, “receiving compensation”, “scanning devices” or “missed deliveries”
- emails full of “tech speak” designed to sound more convincing
- being urged to act immediately or within a limited timeframe
The MOVEit breach is certain to worsen as other organizations find they have been hacked – but, according to experts, data acquired in prior attacks has been published in an obscure section of the dark web, with minimal impact on individuals.