Several banks couldn’t make currency exchanges for their traveling customers.
Travelex, the currency exchange business, on Thursday night shut down its website following a ransomware attack discovered on New Year’s Eve. But before it did so, several banks, including Sainsbury’s Bank, Barclays, HSBC and others, had already been affected through their use of the Travelex platform.
“Details are very limited at this point as to what the cause of the attack was and to which extent Travelex systems have been impacted. The fact that the company can still conduct transactions over the counter would indicate that the attack is limited to the website and its functionality,” said Javvad Malik, security awareness advocate at KnowBe4.
“Not only does such an attack bring services down, but depending on the vulnerability exploited and the duration for which it goes undetected, it can impact customers too,” Malik added.
The attack underscored the U.S. government’s warning last month that financial services increasingly were being targeted by ongoing Dridex attacks. Dridex is a financial Trojan designed to steal banking credentials and is typically spread by email phishing.
“We expect actors using Dridex malware and its derivatives to continue targeting the financial services sector, including both financial institutions and customers,” the U.S. government warned.
Whether Travelex was attacked with Dridex, a derivative, or something else is uncertain. But it’s likely part of an increasingly common combo play against financial institutions.
“Actors distributing Dridex likely employ ransomware with similar configurations. Code for BitPaymer, also known as Friedex, includes numerous similarities to Dridex, despite its function as ransomware rather than data extraction,” according to the government warning.
The Cybersecurity and Infrastructure Security Agency (CISA), part of the U.S. Department of Homeland Security (DHS) and the publisher of the warning, listed several mitigation recommendations:
Further, the Treasury and CISA reminded users and administrators to use the following best practices:
“This ransomware attack, against a leading currency exchange business, is indicative of the enhanced threat that ransomware now poses. Over the last year the increasingly targeted use of ransomware by criminals has affected organizations from the Coast Guard, to universities, numerous state governments and a vast range of businesses, data centers and managed service providers (MSPs) internationally,” said Carl Wearn, head of e-crime at Mimecast.
“Unless organizations up their game, and their user awareness, this threat will inevitably increase in 2020 and the tide of attacks, as currently seen, will worsen,” Wearn added.
There’s no word yet on when Travelex’s currency exchange services will be back online, but the company says it’s working as fast as possible to restore services.