Travelex Cyber-attack Timeline
Travelex Cyber-attack Timeline
Date: 7 October 2020
The Travelex cyber-attack (just like many others) contains overwhelming lessons about cyber incident response and cyber crisis management for those who wish to seek them out. We have collated information on the attack, based on media reports, for an easy understanding of the attack which can be applied to enhance organisational cyber resilience.
Quick reading guide:
Disclaimer: This document has been created with the sole purpose of encouraging discourse on the subject of cybersecurity and good security practices. Our intention is not to defame any company, person or legal entity. Every piece of information mentioned herein is based on reports and data freely available online. Cyber Management Alliance neither takes credit nor any responsibility for the accuracy of any source or information shared herein.
About Travelex
Travelex was the world’s largest foreign exchange bureau until it was hit by a cyber-attack on 31st December, 2019. Within a short span of 4 months, this mammoth of a business went up for sale, with its parent company, Finablr, preparing for potential bankruptcy. The deadly concoction of a ransomware payout and COVID 19 has jeopardised a 40-year old business that was once a paragon of popularity and excellence in its domain.
If reading this makes you wonder whether your business, regardless of size, is at all safe in this complex world of cyber-threats, nobody can blame you for being over-anxious.
Cyber criminals are all around and they are waiting to find the next most vulnerable aspect of any business that they can attack. Cyber Management Alliance’s unique NCSC-Certified Cyber Incident Planning & Response course aims to target this very lacuna in most businesses’ cyber infrastructure. It aims to equip organisations and individuals with the fundamental knowledge required to understand the importance of cyber resilience and how to go about building the same.
Travelex Cyber Attack Timeline
We have compiled a detailed timeline of the Travelex cyber-attack based on information that's available freely on the internet and in media reports. Our objective is to simply present this information in an easy-to-consume visual guide that can help cybersecurity practitioners and enthusiasts to get further clarity on what went wrong and how. You can read this comprehensive timeline here.
What Can We Learn
The idea of us creating this timeline is not to vilify/defame any business or victims of a cyber-attack. However, from every cyber incident there is something all of us can learn about covering our bases when it comes to being truly cyber-resilient.
In this case, it appears that the cyber-criminals managed to attack Travelex thanks to the unpatched critical vulnerabilities in its Pulse Secure VPN servers. Hence, the lesson here would be to always ensure that your cybersecurity infrastructure is as updated and foolproof as possible. Regular review of the IT infrastructure is also imperative to ensure that your business is as secure as is possible.
Is there a Better Way?
We spoke to our CEO and Founder, Amar Singh, about the attack to understand what Travelex, or anybody in its position, could have done differently to mitigate the impact of the attack and to handle things better.
Amar insists that this initiative isn't aimed at attacking Travelex or any organisation. Our objective to create these attack timelines is purely for educational purposes. Amar has been in the thick of many cyber-attacks and he absolutely understands the pressure, the chaos and the collective desire to do the right thing when in the midst of a major crisis.
Here is what Amar thinks are the key lessons that everyone can learn:
- If you've been attacked before, it would be wise to:
(a) Take proactive measures at bolstering your company’s security infrastructure.
(b) Review your cyber incident response plan(s) to ensure they were fit-for-purpose.
(c) Test your plans by running a Cyber Crisis Tabletop Exercise (CCTE) and identify and remediate the gaps.
- According to media reports, Travelex allegedly had seven unpatched servers for many months. This, despite Pulse Secure having issued an urgent patch to a vulnerability in its corporate VPN software that Travelex had been using. Perhaps, such warnings and alerts should have been paid greater heed to. (However, we understand that there are many reasons why an organisation can't patch vulnerabilities immediately.)
We believe that the only way a business stands a remote chance of surviving a sophisticated and determined cyber-attacker today is to first start by acknowledging that it’s defences will be (not can be) breached. This should be followed by adopting a strategic policy and executive mandate on cyber resilience.
If you are truly interested in ramping up your security infrastructure and making sure that your business doesn't suffer the kind of damage other victims of cyber-attacks have, you may be interested in pursuing our NCSC-Certified Cyber Incident Planning and Response course. We offer this course as an online public training or as a private training for individual organisations on-site or virtually.
Disclaimer: This document has been created with the sole purpose of encouraging discourse on the subject of cybersecurity and good security practices. Our intention is not to defame any company, person or legal entity. Every piece of information mentioned herein is based on reports and data freely available online. Cyber Management Alliance neither takes credit nor any responsibility for the accuracy of any source or information shared herein.