New Threat Research: Uncovering Adversarial LDAP Tradecraft

Read Threat Research


Interserve Breached; Approximately 100,000 Employee Records Accessed

A cyber-attack has left the British outsourcing group Interserve looking for answers after details of around 100,000 people were accessed from a database over the weekend. The human resources database included information such as employee names, addresses, bank details, payroll information, next of kin details, HR records, dates of absences and pension information. It cannot be verified at this time what specific information was stolen, and an Interserve spokesperson has refused to comment on the details of the attack. Interserve was taken over by creditors over a year ago, a fact which likely affected their budget and the resources available for IT security. Interserve has verified that they have consulted the National Cyber Security Centre (NCSC) about remediation steps and how they plan to go about resolving the issue.

Analyst Notes

Any employee or customer of Interserve should be cautious during this time due to the fact that their information may be leveraged in different attacks in the future. It’s unclear what type of security Interserve had in place, but they should consider adopting a defense-in-depth strategy. The strategy involves using email filtering, keeping software up-to-date by downloading patches, network monitoring, and pairing an anti-virus software with Endpoint Detection and Response (EDR) or Managed Detection and Response (MDR) to detect intrusions even when other security measures fail to block threats.