Recall that in January the British company Travelex was hit by a cyber attack that forced it to halt its activities in several areas.
According to reports, the firm agreed to pay the ransom demanded by the cyber criminals to free its systems from the ransomware that had infected them. The attackers apparently got into the network through a vulnerability in a VPN whose security patches had not yet been applied. According to the US outlet The Wall Street Journal, Travelex agreed to pay nearly $2.3 million, which equates to 285 bitcoins.
A textbook case that highlights the importance of not neglecting security vulnerabilities. In this context, as in several others, the bill was steep for the victims. In Travelex's case, for example, the attackers had originally demanded 6 million. According to TechTarget's ComputerWeekly, the ransomware used was REvil/Sodinokibi. This malware is typically distributed through Pulse Secure VPN servers affected by the CVE-2019-11510 flaw, a vulnerability for which a security fix has been available since April 2019. Moreover, the Shodan search engine had indexed a server that had not yet applied the security patches, and that server apparently belonged to Travelex. The security research outfit Bad Packets had even reported the vulnerability two months before the attack, without any response from the company.
Unfortunately, this kind of neglect or slowness on the part of organisations is far from isolated. Indeed, at the end of August 2019, several European cybersecurity authorities reported security vulnerabilities in the virtual private network products of vendors such as Fortinet, Palo Alto Networks and Pulse Secure. Disclosed over the summer, these flaws worried even the French government. Its CERT teams noted that "for each of these products, researchers were able to execute arbitrary remote code exploiting these vulnerabilities." And that's not all. Valéry Marchive pointed out about these vulnerabilities: "And not to spoil anything, other highly sensitive equipment exposed on the Internet is affected by equally critical vulnerabilities. This applies to Citrix ADC/NetScaler Gateway systems affected by the CVE-2019-19781 vulnerability known as Shitrix. It appears to have been actively exploited since mid-January." In addition, the operator Bretagne Telecom also revealed that it had been the victim of a cyber attack in February. But unlike Travelex, it managed to get away without much trouble.
The Danish firm ISS, which had been infected with the Ryuk ransomware, unfortunately had more difficulty getting rid of it. In its case, the attackers had managed to break into the system through the e-mail service. On closer inspection, the experts found that the problem was not related to employee behaviour or even the digital hygiene of staff. The Onyphe search engine then revealed that ISS had been exposed to the Citrix security flaw through certain internet-facing equipment. According to Bad Packets Report, such a security hole had been discovered by the specialist, who had even informed the relevant authorities. And that is not all: "We must also count with the vulnerability CVE-2020-1938, which affects the AJP connector of Apache Tomcat, called Ghostcat, or CVE-2020-0688 affecting Exchange servers: this allows complete control of the server to be taken after successful authentication with previously stolen credentials," noted the editor-in-chief.
Bad Packets has just published a review of the various vulnerable equipment turned up by its scans for servers with security vulnerabilities. Rapid7 last week raised concerns about the very low rate at which the patches are being applied. In principle, the cost of a cyber attack should encourage companies not to neglect security updates. But the reality remains disappointing.