A new wave of cyber attacks against British companies is a “critical national security threat”, an analyst has told Sky News.
It follows the exposure of a previously unknown vulnerability in software used by hundreds of companies.
But unlike the recent attacks against M&S, Co-op and Harrods, the latest incident was not ransomware but rather remote code execution.
This is where hackers take control of devices and networks over the internet to run potentially malicious programmes or steal data and information.
Politics latest: Reform MP won’t face charges
The event – revealed by analyst Arda Buyukkaya at cybersecurity firm EclecticIQ – used a previously unknown backdoor in a piece of software called SAP Netweaver, with a patch since released.
Cody Barrow is the chief executive of EclecticIQ and previously worked at the Pentagon, the NSA and US Cyber Command.
He told Sky News: “Governments should treat this as a critical national security threat”, adding that it is the kind of scenario that keeps people like him up at night.
Mr Barrow said the exploitation of networks is “extensive and ongoing”, with more than 500 SAP customers affected and more potentially at risk. He urged users to update their software to the latest version.
Gas giant Cadent, publishers News UK, Euro Garages (EG) Group, Johnson Matthey and Ardagh Metal have been named as victims, with US and Saudi Arabian entities also targeted.
NHS England has posted a warning about the exploit on their website, although it is not clear if they are impacted.
The National Cyber Security Centre (NCSC), the UK government’s authority on cyber threats and part of GCHQ, are monitoring the situation.
Source: