A Nasty Surprise in Supplies: Monitoring Your Supply Chain in the Wake of the Travelex Ransomware Incident
On 31st December, as the world prepared for the new decade, UK-based foreign exchange giant Travelex had other things on its mind; namely, containing a ransomware infection that had already encrypted business-critical files and was threatening to spread further. To contain the incident, the company shut down its network and took websites offline in 30 of the countries it operates in.
While these measures may have prevented further infection, they had a significant knock-on effect on banks that use Travelex for their foreign exchange services, including Barclays, HSBC subsidiary First Direct, Sainsbury’s Bank and Virgin Money. Ten days into the new year, these banks are still reporting that their online foreign currency systems are unavailable.
In the wake of the attack, the operator of the Sodinokibi ransomware, which is offered as a service on a Russian-language cybercriminal forum (see image below), has come forward to claim responsibility, threatening to release 5GB of data claimed to have been stolen from Travelex unless the ransom demand, reportedly a £4.6 million sum, is promptly paid.
Image: The Sodinokibi variant, which was targeted at Travelex, is sold as-a-service to affiliates, albeit only those who have significant experience with ransomware.
Whether or not these threats can be substantiated, which we explore later in the article, the disruption to the businesses which rely on Travelex as part of their supply chain is clear. Usually when we talk of threats to a supply chain, we tend to speak of attacks which exploit the relationship between two organisations to pivot from one to another. Although none of the banks listed above were actually breached, the disruption to Travelex still had a substantial knock-on effect.
Unlike attacks which pivot from a supplier to your organisation, which can be mitigated in part by applying additional security measures, attacks like the one that targeted Travelex might appear, frustratingly, to be out of your organisation’s control, as they entirely rely on the supplier’s security posture. However, through Orpheus’ services, your company can better manage and understand the threats facing your supply chain, as we demonstrate in three points below:
1. Vulnerability insight
The attackers behind the Travelex incident are thought to have breached the company via a critical vulnerability affecting enterprise VPN solution Pulse Secure Connect. Despite a patch being available for months, Travelex failed to apply the necessary updates, providing the attackers with a potential route in.
This shows the importance of establishing visibility into your supply chain with regard to the vulnerabilities your suppliers face. Orpheus’ Cyber Risk Rating dashboard can provide you with this information, allowing you to anticipate incidents of the kind that proved so disruptive to Travelex’s banking clients.
2. Big game targets
Another key aspect of the Travelex incident is that it aligns with a trend in ransomware towards “big game hunting”. This is the increasing tendency for ransomware operators to pursue larger organisations, often with global operations. Previous examples include the Ryuk variant targeting shipping giant Pitney Bowes last October and Spanish security multinational Prosegur a month later. The presumed rationale behind this targeting is that attacks on such organisations will generate more media coverage, increasing the pressure on the victim to pay the ransom which, due to the company’s size, can be a higher fee than that demanded of smaller victim organisations. Moreover, companies with global operations are likely to have complex supply chains, meaning that many other organisations are likely to be impacted, again increasing the pressure on the victim to swiftly resolve the situation.
Given this targeting trend, we would advise organisations seeking to assess the security of their supply chains to focus particularly on these larger companies, which present more visible targets to attackers. Again, this is a visibility that can be gained through Orpheus’ Cyber Risk Rating dashboard which, in listing all the companies in your supply chain, allows you to determine which are potentially more attractive targets from an attacker’s point of view.
3. Data leak extortion
It is also worth considering the nature of a knock-on effect from a supplier being targeted. In most cases, this consists of a disruption to services, either because critical systems have been encrypted or the supplier has deliberately shut down such systems to halt the spread of an infection. While this presumes the use of ransomware, ransomware is much more likely to have a knock-on effect for a supplier’s clients than, for example, a banking trojan or cryptocurrency miner infection, as the impact of these is relatively contained, rarely requiring network-wide shutdowns.
The nature of the impact of these ransomware infections is evolving, however, and so too is the potential threat to organisations for which the victim is part of their supply chain. In another growing trend, ransomware operators are increasingly stealing, or claiming to have stolen, their victim’s data. By doing so, the perpetrators have an additional means of extortion if their victim refuses to pay the ransom to decrypt their data. And if your supplier is the one subject to this extortion, it could potentially be your data at risk of being exposed.
As mentioned above, Travelex was the target of such threats, with the perpetrator claiming to have stolen sensitive data such as social security numbers, dates of birth and payment card details (see image below). The release of such details could further impact Travelex’s banking clients, as information such as card data would likely belong to the banks and their customers. However, it is unclear whether the attackers actually stole any data as Travelex would have been required to report the incident as a data breach within 72 hours under GDPR, or face a fine, and such a disclosure has yet to be made.
Image: Sodinokibi’s operator claims to have stolen sensitive data such as social security numbers from Travelex, though these claims are not substantiated.
Whatever the case with regard to Travelex, other ransomware operators have made good on their claims by actually releasing their victim’s data, and we assess this behaviour will likely become more common. Organisations can keep track of such emerging trends, and the potential implications for their supply chains, by subscribing to Orpheus’ bespoke Threat Intelligence dashboard, which includes a large, regularly updated database of intelligence reports.
Orpheus is a leading cyber security company that offers predictive and actionable intelligence to clients, enabling them to anticipate, prepare for, and respond to cyber threats. Our threat intelligence is used to create threat-led cyber risk ratings, providing a more accurate assessment of risk than just analysing an organisation’s attack surface. Products include; External attack surface management, risk-based vulnerability management, third-party supply chain risk management and cyber threat intelligence. Cyber security jobs and careers.