Companies around the world have been affected by a global cyberattack that may have started through corrupted updates on a piece of Ukrainian tax-filing software called MEDoc, according to the BBC.

A large number of security companies, including British malware experts, have pinpointed MEDoc as the source, because of logs that have been found on systems.

The cyberattack has infected companies in 64 countries, including British advertising company WPP, US law firm DLA Piper, Russian oil giant Rosneft, Ukrainian banks and shipping giant Maersk, who said it was unable to process new orders because of the attack.

Although MEDoc denies that it is a source of infection, Microsoft called the method “a recent dangerous trend”, as the malware gains access to networks via email attachments that users click on in error.

Cyberattack hit Ukraine hardest

According to Antivirus and Internet Security Solutions (ESET), 80% of infections was in Ukraine, with Germany only being hit by 9%, suggesting that the attack might be politically provoked.

“The ironic thing about this situation, if it proves to be the case, is that we always advise users to keep their software up-to-date, ideally using automated updates; however, it assumes hackers can’t take over the update process and misuse it,” said University of Surrey Computer Scientist, Alan Woodward.

“This process is normally a very highly controlled process, so this is unusual. I can imagine many vendors are now triple-checking to make sure they don’t end up being an attack vector,” he added.

Woodward also noted that this situation shows “hackers will probe every possible channel” to find a route into systems.

Written by Leah Alger