London-based currency exchange company Travelex comes under malware attack

According to researchers, Travelex, a London-based currency exchange company, experienced a major malware attack on 31st December. The attack prompted it to immediately close its UK websites as well as online services such as currency ordering. People who try to access these sites get an error message, while the company has said that the site was taken down due to “planned maintenance” as well as a “software virus” attack.

It is still unknown what type of malware hit Travelex, as the official Twitter statement did not specify anything in particular:

Statement on IT issues affecting Travelex services

Travelex confirms that a software virus was discovered on New Year’s Eve which has compromised some of its services. As a precautionary measure, in order to protect data and prevent spread of the virus, we immediately took all our systems offline.

As you know, Travelex is the largest international foreign currency exchange company. It was founded back in 1976 and operates more than 1000 stores and 1000 cash machines in 26 countries, with its primary locations in train stations, airports and similar places. The intent of the malware attack depends on the nature of the malicious software, and the consequences might be disastrous. The company also claims that no customer information has been affected by the incident.

Barclays, Virgin Money, Tesco Bank and other banks have to suspend the currency exchange service due to the Travelex malware attack:

According to the company's Twitter post, the Travelex site is not in full operational order and staff are unable to perform any type of online transaction through its websites or application. The company was forced into manual operations, serving customers through branches in airports and other locations across the UK and other countries. The malware affects not only the company's core business but also major UK banks such as Tesco Bank, Barclays, HSBC and many others. They informed customers that they would not accept online orders for travel money and that customers should visit branches instead, citing issues at their partner Travelex. The statement also indicates that service will be back as quickly as possible, but no particular date or time is provided. Further, Travelex said that it has deployed IT specialists as well as third-party forensic experts to investigate the malware attack.

Ransomware suspected

Many people were dissatisfied with the lack of information about the incident beyond the general statement. Some customers claimed to be stranded overseas due to the incident and unable to access their funds. Moreover, they were also unsure about the personal information stored by the company, as multiple data breaches affecting industry giants like Equifax or Marriott serve as warnings to customers.

Kevin Beaumont, a researcher from the UK, discovered that Travelex does not use Network Level Authentication for its Windows servers on the AWS platform and that it has publicly exposed Remote Desktop Services. RDP has been one of the major ransomware attack vectors, allowing malicious actors to manually access a machine using compromised credentials, disable anti-malware and inject malicious payloads. Unfortunately, even after so many ransomware attacks in 2019, Beaumont says that the absence of NLA protection and even of BlueKeep patches is still a common occurrence.
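For administrators who want to check their own RDP hosts for the missing NLA described above, here is an added example (not from the article or from Beaumont) that classifies a server's reply to an RDP Connection Request. It assumes the audit tool offered only standard RDP security to a host you administer and saved the raw reply; the host names, sample bytes and function names are constructed for illustration.

```python
import struct

# Constants from the RDP negotiation structures (MS-RDPBCGR).
RDP_NEG_RSP, RDP_NEG_FAILURE = 0x02, 0x03
PROTOCOL_RDP = 0x00               # standard RDP security, no TLS and no CredSSP
SSL_REQUIRED_BY_SERVER = 0x01     # TLS alone is enough for this server
HYBRID_REQUIRED_BY_SERVER = 0x05  # server insists on CredSSP, i.e. NLA

def classify_reply(reply: bytes) -> str:
    """Classify the reply to a request that offered only standard RDP security."""
    if len(reply) < 11 or reply[0] != 0x03:
        return "INCONCLUSIVE"                 # not TPKT-framed
    (tpkt_len,) = struct.unpack(">H", reply[2:4])
    if tpkt_len != len(reply) or reply[5] & 0xF0 != 0xD0:
        return "INCONCLUSIVE"                 # truncated, or not a Connection Confirm
    neg = reply[11:]                          # data after the 7-byte X.224 header
    if not neg:
        return "NLA_NOT_ENFORCED"             # legacy reply: standard RDP security
    if len(neg) != 8:
        return "INCONCLUSIVE"
    kind, _flags, length, value = struct.unpack("<BBHI", neg)
    if length != 8:
        return "INCONCLUSIVE"
    if kind == RDP_NEG_FAILURE and value == HYBRID_REQUIRED_BY_SERVER:
        return "NLA_ENFORCED"
    if kind == RDP_NEG_RSP and value == PROTOCOL_RDP:
        return "NLA_NOT_ENFORCED"             # server accepted a pre-auth session
    if kind == RDP_NEG_FAILURE and value == SSL_REQUIRED_BY_SERVER:
        return "NLA_NOT_ENFORCED"             # TLS without CredSSP is acceptable
    return "INCONCLUSIVE"

def sample_reply(kind: int, value: int) -> bytes:
    """Build a constructed Connection Confirm carrying one negotiation structure."""
    neg = struct.pack("<BBHI", kind, 0, 8, value)
    x224 = bytes([6 + len(neg), 0xD0, 0, 0, 0x12, 0x34, 0]) + neg
    return b"\x03\x00" + struct.pack(">H", 4 + len(x224)) + x224

def hosts_without_nla(replies: dict) -> list:
    return sorted(h for h, r in replies.items() if classify_reply(r) == "NLA_NOT_ENFORCED")

# Constructed inventory: host names and replies are made up for this example.
CAPTURED = {
    "rdp-a.example.internal": sample_reply(RDP_NEG_FAILURE, HYBRID_REQUIRED_BY_SERVER),
    "rdp-b.example.internal": sample_reply(RDP_NEG_RSP, PROTOCOL_RDP),
    "rdp-c.example.internal": sample_reply(RDP_NEG_FAILURE, SSL_REQUIRED_BY_SERVER),
}

if __name__ == "__main__":
    for host in hosts_without_nla(CAPTURED):
        print(f"{host}: RDP reachable without NLA, enable it or restrict access")
```

Hosts reported here should have NLA turned on and should not accept RDP directly from the internet.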