Web and mobile impacted
Currency exchange outlet Travelex has taken its website and services offline after computer malware hit its systems on New Year’s Eve.
Travelex said the move was a “precautionary measure to protect data and prevent the spread of the virus”, adding that it has deployed both its own IT specialists and external cybersecurity experts to isolate the unnamed malware and restore affected systems.
The firm is yet to provide an estimate of when it expects to be able to restore web and mobile services, both of which remain unavailable as of Friday lunchtime.
In the meantime, Travelex’s network of branches continues to provide foreign exchange services manually. The company apologized to customers for any resulting inconvenience.
In a statement uploaded to its official Twitter account, Travelex sought to downplay potential customer fears by stating that its “investigation to date shows no indication that any personal or customer data has been compromised.”
Travelex’s outage has had an effect on other merchants that use its services internationally, including Tesco Bank. Customers in Australia and the United States are reported to have been affected by the outage.
In a press release, Javvad Malik, security awareness advocate at KnowBe4, said: “Details are very limited at this point as to what the cause of the attack was and to which extent Travelex systems have been impacted. The fact that the company can still conduct transactions over the counter would indicate that the attack is limited to the website and its functionality.”
In the absence of solid information, external security experts are nonetheless speculating about the source of the breach on Travelex’s systems.
“They operate an FCA regulated B2C payment platform built in AWS (but law of averages would point more towards Emotet or some such on Windows),” said UK infosec practitioner Kevin Beaumont in a post on Twitter.
Emotet, a trojan commonly distributed through spam emails, is often used to establish a beachhead on compromised networks. Cybercriminals have increasingly used the malware, which has become a scourge of internet security over recent years, in targeted ransomware attacks on corporate networks.
More recent versions of Emotet are capable of spreading using network exploits and worm-like capabilities.
A Travelex spokesperson told The Daily Swig that it was unable to comment on the security incident until its investigations were complete.