Zellie

Moveit hack: attack on BBC and BA offers glimpse into the future of cybercrime

Retrieved on: Monday, June 19, 2023

Key Points: 
  • The stolen data is said to include staff names, staff ID numbers and national insurance numbers (although, importantly, not banking details).
  • But, other than for those personally affected, the real issue is what this attack reveals about the evolution of cybercrime.
  • More cybercriminals are realising that if they can compromise a trusted supplier, this will lead to the compromise of that organisation’s customers.
  • This allowed hackers to compromise Zellis, a trusted supplier of services to BA, the BBC, Boots and others.

Future of cybercrime

    • This suggests these cybercriminals have learned from previous supply-chain attacks, and are experimenting with making the strategy commercially viable.
    • In supply-chain attacks, cybercriminals target one organisation by attacking an external provider they use.
    • Attributed to Russia’s military intelligence agency the GRU, SolarWinds was seen as being mainly motivated by state espionage.

Evolutionary step

    • This was arguably always going to be an evolutionary step for cybercriminals.
    • Later, criminal copycats such as cl0p apply the same strategy, avoiding the pain of inventing new methods.
    • The ultimatum issued by cl0p is also revealing about the behaviour and motivation of cybercriminals.
    • The final step in maximising the return from the attack, by making all the victims pay, is clearly harder than with simple ransomware, where the focus is on one target organisation and one route to the pay-out from the crime.