Interserve Database Hacked: Expert Insight

Outsourcing group Interserve is recovering from a cyberattack which took place over the weekend that may have seen the details of up to 100,000 people stolen. Hackers broke into a human resources database owned by the outsourcing firm, which recently helped build the Birmingham Nightingale Hospital, on May 9 and stole information on current and former Interserve employees, a company insider said.

Expert Comments

May 14, 2020
Samantha Humphries
Security Strategist
Exabeam
Samantha Humphries, security strategist at Exabeam: “Coming hot off the heels of a UK and US Government advisory that healthcare and medical research organisations are being targeted by malicious cyber campaigns, the incident Interserve and Bam Construct are now dealing with demonstrates that this threat is actually far more diverse. Malicious actors are clearly going beyond the hunt for valuable intellectual property related to vaccines and research, instead targeting the organisations mounting our critical national response to the pandemic. This is part of a broader geopolitical tension – one that seeks to undermine public confidence in a government under significant pressure to show that it is putting lives first. This attack has all the hallmarks of a nation state enabled group; it steps outside the ‘normal’ increase in traditional social engineering attacks we’re seeing from traditional cybercriminals. For many of the organisations now caught in the coronavirus crosshairs, this will likely be the first time they have been targeted by the coordinated and sophisticated attacks typical of ‘advanced persistent threat’ (APT) groups. It’s fairly certain that – given the remote working reality we are facing – these groups are taking advantage of the additional threat vectors posed by corporate networks that now extend far beyond the four walls of the office and into employees’ homes. Here, the same standards of controls and security are not easily attainable for most organisations. Against the most sophisticated attackers, traditional protections are often inadequate. Targeted organisations will need to be able to quickly detect and respond to any breach – which will almost certainly enter through the many new corporate side doors of employees’ home networks. Central to this will be monitoring for tactics, techniques and procedures (TTPs) specific to various state-sponsored groups, as well as utilising behavioural analytics technologies on the network. 
This will learn the normal behaviour of the network and immediately notify security analysts when activity deviates from this baseline – this is often the first indication of a breach or infiltration.”
May 14, 2020
Sam Curry
Chief Security Officer
Cybereason
While specific details are scant, it is encouraging to see Interserve working closely with the NCSC, and in all likelihood other agencies and private sector organisations, to determine how this reported breach happened and what information was compromised. Interserve's network is vast, and this attack was likely strategic and with purpose as hackers are fully aware of the treasure trove of assets available if they are able to breach the vast ecosystem of customers and partners connected to the company. No matter whether it's UK companies, US companies or companies located in other parts of the world, adversaries today hold a large advantage in the cyber cat and mouse game. Nation state backed crime groups are well funded and most often have the resources to carry out comprehensive cyber strikes. However, today a wider variety of hacking tools that would typically be used by sophisticated groups are trickling down to smaller groups or individuals. Ultimately, this creates a bigger challenge for security analysts (the defenders) to stay ahead of threats. Identification, remediation and 24x7 threat hunting and activating an incident response team is critical to prevent malicious and material damage from occurring in the supply chain.
May 14, 2020
Kelvin Murray
Senior Threat Research Analyst
Webroot
Unfortunately, health and education sectors are common targets for cybercriminals throughout Covid-19. The inherent weakness in their cybersecurity is one factor, but the value in their data is another. In this case, hospital data can be used in insurance fraud, drug prescription forgery, extortion or as a means to enable future attacks on the service or the individual victims. The sheer size and scope of the healthcare industry and the fact that the public sector uses many contractors and outside parties makes it a difficult task to admin and secure. Likewise, in education, we have seen valuable research being a constant target in recent years. Both sectors are particularly vulnerable to ransomware, but the biggest concern here is the use of stolen data as a means to enable further attacks. It is much easier to fool victims with a phishing email once you know details about them and their colleagues. Hence, to mitigate future attacks and build cyber resilience, organisations and individuals need to ensure that adequate defences are in place. Secondly, data must always be backed up, so systems can be restored if needed. As well as good practices, these sectors need a cultural and institutional change with regard to cybersecurity to stop them suffering disproportionately to other organisations.
May 14, 2020
Jonathan Knudsen
Senior Security Strategist
Synopsys
First, every company is a software company. While Interserve is described as a construction and support service company, it relies on software to run its business. As such, its software cybersecurity posture is a key component of overall business risk. Regardless of industry, every company must take a proactive, comprehensive approach to cybersecurity to help minimise the risk of business disruption, bad publicity, and lost revenue. Second, attackers will not hesitate to take advantage of calamity. During a global pandemic, when organisations worldwide are struggling to respond to a health emergency, attackers have targeted Interserve as one of the organisations supporting the NHS. Attackers most likely believed that Interserve’s attentions were focused elsewhere, increasing their susceptibility to a cyberattack. Now is the perfect time for all organisations to take stock of their cybersecurity and make necessary changes to strengthen their posture.
May 14, 2020
Jake Moore
Cybersecurity Specialist
ESET
Cybercriminals will not be deterred by any morals or ethics. These attacks clearly shine a light on what type of characters these threat actors really are and what they are prepared to do in order to disrupt whoever and whatever gets in their way. Although it seems this attack could have been worse, staff should remain vigilant at all times as these types of attack are clearly on the increase from separate groups from around the world. Working alongside the NCSC is a great helping hand, but some attacks can and will inevitably sneak through multiple layers of protection. Like water, if there is a gap in the security, a way through will be found, potentially causing a lot of damage.
May 14, 2020
Niamh Muldoon
Senior Director of Trust and Security EMEA
OneLogin
A human resources database is a treasure trove of information waiting to be monetized in the eyes of malicious actors, and unfortunately hackers do not stop hacking during a crisis. The information stolen in the breach affecting outsourcing group Interserve could have contained all sorts of valuable sensitive data from names and bank details, to HR records and pension information. It is a shame that Interserve, a company which helped build the Birmingham Nightingale hospital, has been targeted by hackers in this way. But this demonstrates how all enterprises need to step up their prioritisation of security in order to protect personal data. Attackers know that many organisations are not taking a strong enough stance when it comes to access security. Once they have a set of valid credentials, it is easy to compromise corporate applications, particularly SaaS Apps including HR Systems, File Storage Services and CRMs. Multi-factor authentication (MFA) is currently the best method by which organisations can protect themselves from such attacks, proven to prevent 99.9% of account takeovers. Whether it be a soft token, hard token, certificate or SMS, companies should look at implementing MFA across the board. The privacy implications associated with exposed data can be devastating for those involved and this is exacerbated by the cybersecurity skills gap where perhaps enterprises like Interserve are struggling to attract and retain cybersecurity talent. But if organisations want to stay in business, then they must prioritise security and protecting their data. If they cannot attract and retain cybersecurity professionals, then they must partner with trusted partners who can support them in delivering trusted security platforms and expertise services or perhaps outsource access control models to companies like OneLogin in order to reduce associated costs and risks.