Government supplier Interserve hit by cyber attacks

25 May 2020 Consultancy.uk

As criminals target construction firms involved in the UK’s coronavirus response, outsourcing firm Interserve has been hit by a cyber-attack. Experts warn that outsourcers working extensively with the public sector are likely to be targeted by hackers more than ever, as they seek to exploit the chaos of the Covid-19 crisis.

Headquartered in Reading, Berkshire, Interserve is a multinational group of support services and construction companies. The outsourcing firm recorded a revenue of £2.7 billion in 2018, but recent years have seen the firm struggle to get back on track, following a string of profit warnings. In 2019, Big Four firm EY sold the firm out of administration, in a transaction said to have secured the jobs of roughly 53,500 of its employees, the majority of whom work in the UK, as well as ensuring there was no disruption to the vital public services that Interserve provides to the UK Government.

However, just as the firm looked to be getting back on track, news has broken that Interserve has been left reeling from a cyber-attack earlier in 2020. According to reports circulating in the UK press, hackers broke into an HR database and stole details of up to 100,000 people, including current and former employees. While it remains unclear what exactly was stolen as part of the breach, the Daily Telegraph claimed the data could include sensitive information such as names, addresses and bank details.Interserve hit by cyber attacksInterserve is one of a handful of “strategic suppliers” to the Government, and recently helped to build the NHS Nightingale hospital in Birmingham. The firm also maintains a number of schools and hospitals as well as transport networks such as the London Underground – meaning it currently holds valuable information from a host of keystone services.

Interserve said some of its operations may be affected, before adding in a statement, “Interserve is working closely with the National Cyber Security Centre (NCSC) and Strategic Incident Response teams to investigate, contain and remedy the situation… Interserve has informed the Information Commissioner of the incident. We will provide further updates when appropriate.”

Cybersecurity has become an increased priority for clients during the challenging time of Covid-19, as most workforces operate from virtual environments. Kelvin Murray, Senior Threat Research Analyst at Webroot, said the attacks served as yet another warning that cyber-criminals are seeking to exploit the coronavirus pandemic – especially in health and education, where the size and scope of the industries and the fact that the public sector uses many contractors and outside parties makes it a difficult task to admin and secure.

Murray explained, “Unfortunately, health and education sectors are common targets for cybercriminals throughout Covid-19. The inherent weakness in their cybersecurity is one factor, but the value in their data is another… Both sectors are particularly vulnerable to ransomware, but the biggest concern here is the use of stolen data as a means to enable further attacks. It is much easier to fool victims with a phishing email once you know details about them and their colleagues. Hence, to mitigate future attacks and build cyber resilience, organisations and individuals need to ensure that adequate defences are in place.”