The vulnerability that allowed Travelex to be attacked by hackers has existed at many other companies and institutions in the U.S., according to a report by The Wall Street Journal.
Among the potentially vulnerable companies are Texas Instruments, Revlon, Purdue Pharma, a California utility company, a border-police unit and an appellate court.
All of them were using Pulse Secure VPN to make supposedly secure logins for workers, according to Troy Mursch, chief research officer at Bad Packets, a cybersecurity company.
Mursch said cybercriminals discovered a loophole in the VPN and used it to exploit and attack companies.
According to Bad Packets, many companies have yet to address the security flaw, even though a patch for it came out in April.
Revlon said it patched the problem, and it had no security breaches. Texas Instruments said it became aware of the issue last year and fixed it.
Travelex was attacked around Christmas by a criminal cyber group named after ransomware virus Sodinokibi, which is also called Sodin and REvil. The breach was discovered on New Year’s Eve and forced the company to use pen and paper to serve customers while the majority of its network was shut down. Cash deliveries all over the world were affected, and many systems are still offline.
The cyber attackers used a vulnerability in the VPN system to get access to a server in the Asia-Pacific area. Bad Packets said it warned Travelex about the issue in September, but it never heard back.
Bad Packets monitors cyberattacks and malicious activity and then notifies companies about it. It’s based in Chicago and has been cited by both the U.S. and U.K. governments as a credible source.
A Travelex spokesperson said the company is going to offer an update on its restoration processes later in the week, but it isn’t going to comment on specific vulnerabilities. The company did admit Sodinokibi malware was used.
We’re always on the lookout for opportunities to partner with innovators and disruptors.
Learn More