![[UK] Cyberattack prompts SD Worx to halt HR and payroll services](http://gpa.net/cdn/shop/articles/bigstock-Red-World-Map-Hologram-With-Di-469256099_1200x.jpg?v=1681240121)
Following a cyberattack, SD Worx - the European HR and payroll management company - has been forced to shut down the IT infrastructure supporting its payroll and HR services in the UK, Computing reports.
On Easter Monday (March 10) the company began informing customers that its UK and Ireland division had been the target of a cyberattack, forcing SD Worx to close its IT systems to contain the damage.
"Our security team has discovered malicious activities in our hosted datacentre last night," the company said in its advisory to UK and Ireland customers.
SD Worx reportedly assured that it had taken "prompt" action by proactively isolating its systems and servers to prevent additional damage.
The action rendered the customer portal for SD Worx in the UK inaccessible, although the login portals for other European countries are functioning normally.
"It goes without saying that we are handling this with the highest priority and that we are working very hard on a solution to give you access to our systems again. We will keep you informed about the further status," the company said.
SD Worx employs more than 7,000 people and caters to 5.2 million employees across 82,000 companies. In 2022, it reported a net turnover in excess of €962 million.
Last year SD Worx reportedly grew its market presence by acquiring the Croatian HR and payroll software provider HRPRO, helping it expand to Central and South-Eastern Europe.
In addition, it bolstered its position in Spain and Ireland with the acquisitions of Integhro and Intelligo.
The data SD Worx handles can include tax-related information, government ID numbers, full names, addresses, birth dates, phone numbers, bank account numbers and employee evaluations, among other details.
In a statement to BleepingComputer, the company reassured that the attack did not involve ransomware and said there is currently no indication to suggest that any data has been compromised.
The cyberattack on SD Worx is the latest in a series of attacks targeting payroll and HR management firms.
In 2021, PrismHR fell victim to a cyberattack that resulted in a significant customer outage. And a ransomware attack hit workforce management solutions provider Ultimate Kronos Group (UKG), affecting its private cloud services including Workforce Central, TeleStaff, Banking Scheduling Solutions and Healthcare Extensions.
Earlier this year Microsoft reportedly announced that it was monitoring more than 100 ransomware groups that had deployed more than 50 distinct ransomware families by the end of 2022.
It warned that criminals were capitalising on techniques such as phishing, fake software updates and unpatched vulnerabilities. According to Microsoft, phishing attacks are the most prevalent approach employed by attackers to gain initial access to networks.
The company also reportedly raised concerns about the surge of malvertising as the first stage of attacks, where criminals purchase online advertisements for products that, when downloaded and installed, infect the user's system with malware. Attackers then exploit that malware to distribute ransomware.
Source: Computing
(Link and quotes via orignal reporting)
Following a cyberattack, SD Worx - the European HR and payroll management company - has been forced to shut down the IT infrastructure supporting its payroll and HR services in the UK, Computing reports.
On Easter Monday (March 10) the company began informing customers that its UK and Ireland division had been the target of a cyberattack, forcing SD Worx to close its IT systems to contain the damage.
"Our security team has discovered malicious activities in our hosted datacentre last night," the company said in its advisory to UK and Ireland customers.
SD Worx reportedly assured that it had taken "prompt" action by proactively isolating its systems and servers to prevent additional damage.
The action rendered the customer portal for SD Worx in the UK inaccessible, although the login portals for other European countries are functioning normally.
"It goes without saying that we are handling this with the highest priority and that we are working very hard on a solution to give you access to our systems again. We will keep you informed about the further status," the company said.
SD Worx employs more than 7,000 people and caters to 5.2 million employees across 82,000 companies. In 2022, it reported a net turnover in excess of €962 million.
Last year SD Worx reportedly grew its market presence by acquiring the Croatian HR and payroll software provider HRPRO, helping it expand to Central and South-Eastern Europe.
In addition, it bolstered its position in Spain and Ireland with the acquisitions of Integhro and Intelligo.
The data SD Worx handles can include tax-related information, government ID numbers, full names, addresses, birth dates, phone numbers, bank account numbers and employee evaluations, among other details.
In a statement to BleepingComputer, the company reassured that the attack did not involve ransomware and said there is currently no indication to suggest that any data has been compromised.
The cyberattack on SD Worx is the latest in a series of attacks targeting payroll and HR management firms.
In 2021, PrismHR fell victim to a cyberattack that resulted in a significant customer outage. And a ransomware attack hit workforce management solutions provider Ultimate Kronos Group (UKG), affecting its private cloud services including Workforce Central, TeleStaff, Banking Scheduling Solutions and Healthcare Extensions.
Earlier this year Microsoft reportedly announced that it was monitoring more than 100 ransomware groups that had deployed more than 50 distinct ransomware families by the end of 2022.
It warned that criminals were capitalising on techniques such as phishing, fake software updates and unpatched vulnerabilities. According to Microsoft, phishing attacks are the most prevalent approach employed by attackers to gain initial access to networks.
The company also reportedly raised concerns about the surge of malvertising as the first stage of attacks, where criminals purchase online advertisements for products that, when downloaded and installed, infect the user's system with malware. Attackers then exploit that malware to distribute ransomware.
Source: Computing
(Link and quotes via orignal reporting)