Get Aligned!

Pulse Secure is one of many companies that deliver secure cloud and connectivity solutions to organisations worldwide. Such mission-critical solutions require consistent maintenance and updating in accordance with manufacturer guidelines and recommendations.

However, in April 2019, Pulse Secure published an urgent patch for a vulnerability in its widely used corporate VPN software. This vulnerability allowed remote attackers to gain access to administer the software without a username or password. Naturally, the consequences of such access could be catastrophic: an attacker would be able to change settings, view passwords cached by the VPN server in plain text, view logs and turn off multi-factor authentication.

When organisations such as Pulse Secure publish urgent patches, they are picked up not just by customers but also by cybercriminal groups who can exploit these known vulnerabilities. A particular cybercriminal group has been targeting this vulnerability – amongst many others – for some time with the aim of infiltrating systems, stealing data and planting ransomware.

It is the lack of updating and patching of the VPN server software which led to Travelex being infected with ransomware. Ignoring security patches on your network devices could have significant business consequences.

On New Year’s Eve, the company was hit by Sodinokibi ransomware, also known as REvil. The ransomware operators contacted the BBC and said they want Travelex to pay $6m (£4.6m). They also claimed to have had access to Travelex’s network for six months and to have extracted five gigabytes of customer data—including dates of birth, credit card information, and other personally identifiable information.

“In the case of payment, we will delete and will not use that [data]base and restore them the entire network,” the individual claiming to be part of the Sodinokibi operation told the BBC. “The deadline for doubling the payment is two days. Then another seven days and the sale of the entire base.”

Security researcher Kevin Beaumont found that Travelex had seven unpatched Pulse Secure servers. An exploit for the vulnerability has been available on Internet bulletin boards since August 2019.

The Travelex cyber-attack provides a key lesson for all organisations: ensure there is a programme in place for monitoring and applying updates, particularly security updates, to all network and server systems in accordance with the software manufacturer's guidelines.
