Major Companies Shared Vulnerability Used in Travelex Cyberattack

Date : 01/16/2020 @ 12:56PM
Source : Dow Jones News

By Caitlin Ostroff and Anna Isaac 

A vulnerability at Travelex that was exploited by hackers to disrupt the money-exchange company existed at dozens of major U.S. companies and institutions, potentially leaving them open to similar breaches, according to cybersecurity firm Bad Packets.

Purdue Pharma LP, Revlon Inc. and Texas Instruments Inc. were among companies using Pulse Secure VPN to create secure remote logins for their staff, according to Troy Mursch, chief research officer at Bad Packets. A loophole in that tool can be and has been exploited by cybercriminals, Mr. Mursch said.

Bad Packets said many organizations hadn't addressed the weakness in their technology systems as of Friday, although a fix or patch was made available in April. Among those were a California utility company, a border-police force and an appellate court, Mr. Mursch said.

On Wednesday, a Revlon spokeswoman said the problem had been patched and there had been no unauthorized access to its internal networks. A representative for Texas Instruments said the firm became aware of the vulnerability last year and acted to secure its systems.

Purdue declined to comment.

A cybercrime group named after ransomware virus Sodinokibi attacked Travelex, with the company discovering the breach on New Year's Eve. The attack disrupted cash deliveries from its global network of vaults to international banks. Travelex, a division of U.K.-listed payments conglomerate Finablr PLC, hasn't yet restored many of those operations.

Sodinokibi, also called Sodin and REvil, used the glitch in Travelex's VPN system to gain access to a server in the Asia-Pacific region, according to a person with knowledge of the investigation into the matter.

Bad Packets reached out to Travelex in September to flag the vulnerability, but didn't receive a response, according to Mr. Mursch.

Bad Packets specializes in identifying hacking threats by monitoring malicious activity and alerting vulnerable companies. The Chicago-based firm has been cited as an authority on cybersecurity issues by both U.S. and U.K. government agencies.

A Travelex spokeswoman declined to comment on the specific vulnerabilities exploited in the attack and said the company would offer an update on progress in restoring its systems later this week. The company has acknowledged that Sodinokibi malware was used.

The vulnerability in the VPN tool allowed hackers without valid usernames or passwords to connect to a corporate network, turn off two-factor authentication and view logs and cached passwords.

The U.S.'s National Security Agency and the U.K.'s National Cyber Security Centre both issued warnings about the tool in October. The Department of Homeland Security reissued the warning in January after reports of recent attacks by Sodinokibi.

London's Metropolitan police said Wednesday that its criminal investigation into the Travelex attack was ongoing.

The NCSC, which is also investigating the incident, declined to comment.

Write to Caitlin Ostroff at and Anna Isaac at


(END) Dow Jones Newswires

January 16, 2020 07:41 ET (12:41 GMT)

Copyright (c) 2020 Dow Jones & Company, Inc.
