Currency exchange specialist Travelex was warned in September last year about insecure virtual private networking (VPN) servers that it was running, but that warning appears to have been ignored.
The warning was issued by Chicago, Illinois-based security researcher Troy Mursch, tweeting under his @bad_packets account. He claims that on 13 September he notified the organisation about the vulnerable Pulse Secure VPN servers it was running, but received no response from the company.
Travelex was one of a number of companies that Mursch informed; he also informed the UK's National Cyber Security Centre (NCSC) at the same time. The NCSC sent out warning letters to affected organisations as a result of that warning.
"We notified Travelex about their vulnerable Pulse Secure VPN servers on September 13, 2019. No response. pic.twitter.com/lCjk7IY3OM" - Bad Packets Report (@bad_packets), January 4, 2020
But even now, according to UK-based security specialist Kevin Beaumont, a large number of organisations are still running versions of Pulse Secure containing a vulnerability identified 11 months ago.
And one-quarter of those vulnerable servers are located in the US, added Beaumont, at a time when Iran has threatened retaliation for the assassination of a senior general.
Today, the Travelex website and mobile app remain down with what the holding page describes as "planned maintenance". The website and associated currency exchange facilities were taken down on New Year's Eve following what the organisation had claimed was a virus outbreak.
Travelex's action has also affected currency exchange services from Barclays, HSBC, Sainsbury's Bank, First Direct and Virgin Money, which rely on Travelex. Users of the company's pre-paid foreign currency cards have also been affected, and have been left unable to top them up for more than a week.
"Day 6 of Travelex woes. Nobody has any kind of cybersecurity incident notification. pic.twitter.com/1qBGCP4jRt" - Kevin Beaumont (@GossiTheDog), January 6, 2020
The vacuum left behind by the lack of information about the nature of the attack has been filled with speculation, with anything from North Korean state actors to ransomware blamed for the extended downtime.
All Computing's coverage of the Travelex ransomware outbreak:
- Travelex refuses to comment on whether it paid ransom to get its data back
- Travelex claims it is 'making good progress' in recovery from Sodinokibi ransomware attack
- Travelex 'negotiating' with Sodinokibi ransomware group threatening to release or sell personal data
- ICO: Travelex hasn't reported a data breach
- Metropolitan Police called-in last week as Travelex FINALLY admits Sodinokibi ransomware attack
- Cyber criminals demand $3 million in ransom from Travelex after infecting its network with Sodinokibi ransomware
- Travelex ignored September warning over 'insecure' VPN server software
- Travelex takes down currency exchange website following New Year's Eve cyber attack