Manchester United Football Club hit by Cyber Attack
November 24th, 2020 by Kris Price
Late on Friday evening 20th November, Manchester United released a statement announcing they had been victims of a cyber-attack. The statement described the attack as “a sophisticated operation by organised cyber criminals”.
The statement also said the club wasn’t aware (yet) of any breaches to customer personal data. As all businesses are aware, or at least should be, by law any data breach must be reported to the Information Commissioner’s Office (ICO) within 72 hours of the data breach being detected. This was introduced as part of GDPR. If the breach has managed to obtain personal information on any individuals, it is also the business’s duty to contact each affected person. As it stands, Manchester United have followed proper protocol and confirmed the breach has been reported to the ICO.
With Manchester United hosting West Bromwich Albion in a Premier League clash on Saturday night, the club was keen to stress that the systems affected wouldn’t have an impact on the match, so it could still go ahead (Manchester won the game 1-0; some would say they wished the game hadn’t gone ahead as it was somewhat underwhelming!).
The statement from the club reads:
“Manchester United can confirm that the club has experienced a cyber-attack on our systems. The club has taken swift action to contain the attack and is currently working with expert advisers to investigate the incident and minimise the ongoing IT disruption.
Although this is a sophisticated operation by organised cyber criminals, the club has extensive protocols and procedures in place for such an event and had rehearsed for this eventuality. Our cyber defences identified the attack and shut down affected systems to contain the damage and protect data.
Club media channels, including our website and app, are unaffected and we are not currently aware of any breach of personal data associated with our fans and customers. We are confident that all critical systems required for matches to take place at Old Trafford remain secure and operational and that tomorrow’s game against West Bromwich Albion will go ahead.”
Manchester United also confirmed this attack was something they had “rehearsed” for, but no information was provided about what this entailed.
These types of attacks are all too common, and in the last couple of years some other global organisations have also seen similar attacks. Earlier this year I blogged about the Travelex cyber-attack and its impact.
To help combat such attacks, BrightCloud can offer several services and solutions, including Backup as a Service (BaaS) and Disaster Recovery as a Service (DRaaS). Both act, to varying degrees, as an insurance policy if you suffer a similar attack to Manchester United.
One of the ways cyber criminals can attack systems is through malware. This software works in various ways depending on the strain infecting a system. A common infection method is when an unwitting user opens a link or file in an email from a spoof email address pretending to be from a popular mobile phone or computer brand, for example. Opening this file or link can then download the malware onto the business’s systems. This file can sit there dormant for weeks or months. Then it can trigger randomly, going about corrupting files, so when users open an infected file they may be prompted with a note saying the file is encrypted and the user must pay a ransom to unlock the file – this is known as ransomware.
There are several ways in which the infected file or systems can be protected and recovered using BrightCloud’s services.
- File restore and Attack Loop Technology – Our BaaS solution is powered by Asigra. One of the key features of Asigra is its ability to scan files during a backup. The software has a constantly updated database of all known strains of virus and malware. If one of these files is detected or if a corrupted file is detected, Asigra marks these files as a known virus/malware and quarantines them away from the backup. The backup will carry on protecting other files as normal. Asigra reports the issue and details where on the network this file was discovered, which means the IT Team then know where to look for malicious software. More information on the Attack-Loop feature can be found here.
- DRaaS – BrightCloud offer a fully managed Disaster Recovery Service. This is powered by Veeam, which Gartner announced as the Global Leader for 2020 in backup and disaster recovery. Using Veeam, BrightCloud can protect all systems on your entire network, be it Virtual (VMware or Hyper-V) or Physical. Then via Veeam’s Cloud Connect feature, these servers are replicated to one of our UK Data Centres. Typically these replications occur once a day, but can be more frequent if the requirement is for more recent recovery points. In the event of a disaster, BrightCloud can invoke a DR Event and spin up these servers making them available to your business for as long as necessary whilst the issue on your network is resolved. These servers can be utilised as part of the contract for 30 days, after which there are two options, either fail back into your infrastructure, or move into BrightCloud’s Infrastructure as a Service (IaaS), meaning we continue to host your servers going forward.
Whilst Manchester United appear to have avoided a major disaster following the cyber-attack, using something like Asigra’s Attack-Loop technology may have avoided the situation altogether, if the attack was indeed malware related. The malware was sophisticated enough to bypass any on-access scanning and anti-virus software Manchester United should have in place; however, with Asigra’s technology, the malware would have been detected and highlighted to the IT staff at the club.