threatpost | Tara Seals | THREATPOST:75C9D8D9B95CE1E3541FAA89123BF34E
History: Jan 03, 2020 - 5:48 p.m.

Travelex Knocked Offline by System-Wide Malware Attack

2020-01-03 17:48:29
Tara Seals
threatpost.com

A “computer virus” has forced foreign currency exchange giant Travelex to shut down its online services and its app – leaving its retail locations to carry out tasks manually and many customers stranded without travel money. Its global banking partners have also been left adrift with no way to buy or sell foreign currency.

Travelex, a ubiquitous fixture at airports, provides foreign-exchange services in 70 countries across more than 1,200 retail branches. On Thursday, it tweeted out a short statement confirming a malware attack on New Year’s Eve which, as of this writing, is still impacting its ability to operate. It did not, however, provide technical specifics. Threatpost has reached out to Travelex for further comment.

> Statement on IT issues affecting Travelex Services pic.twitter.com/rpKagJLykn
>
> — Travelex UK (@TravelexUK) January 2, 2020

“We regret having to suspend some of our services in order to contain the virus and protect data,” Tony D’Souza, Travelex CEO, told the Wall Street Journal.

The attack has had ripple effects as well, affecting banking partners like Sainsbury’s Bank, Barclays, HSBC, Tesco Bank and others. The latter, for instance, said that its bureau-de-change services were offline until further notice because of the Travelex incident. Also, firms that use its services cannot participate in the foreign currency markets at all, for now.

> Unfortunately our on-line Travel Money service is currently unavailable due to IT issues at our partner, Travelex. In the meantime, you can still visit one of our in-store bureaux to collect or purchase your currency. Sorry for any inconvenience – Brogan
>
> — Tesco Bank Help (@tescobankhelp) January 2, 2020

Meanwhile, Travelex retail customers who were relying on the company to gain access to their money while traveling also took to Twitter to air their grievances. While the company didn’t mention ransomware, some of these unhappy customers theorized it to be the culprit.

> This is just not good enough. No updates and your website just has a Server error page. I think you haven’t told the customers the full story. Just come clean. Ransomware perhaps? When you are back on-line I am getting all my money off my travelcard. Appalling customer service.
>
> — Rob James (@RobJame25573693) January 3, 2020

In any event, the attack shows the power of savvy phishing, said one researcher, who thinks a malicious email was the likely attack vector.

“The Christmas/New Year period is ideal for phishing and other socially-engineered attacks – people are distracted, businesses are short-staffed and it is relatively easy to deliver a malware payload in a New Year-themed phishing email, or a fake year-end bonus email,” said Colin Bastable, CEO of Lucy Security, in a statement. “Travelex makes for a juicy target – it is somewhat surprising that they were breached, but at any given time, up to 30 percent of employees can easily fall for phishing attacks, which are responsible for over 90 percent of losses from cybersecurity breaches.”

Javvad Malik, security awareness advocate at KnowBe4, had a different theory. “Details are very limited at this point as to what the cause of the attack was and to which extent Travelex systems have been impacted,” he said via email. “The fact that the company can still conduct transactions over the counter would indicate that the attack is limited to the website and its functionality. Websites are the face of a company and are subject to the most attacks. It is important for companies to conduct regular security checks such as penetration testing, as well as vulnerability scan and regular assurance checks against the processing to ensure all public-facing aspects are up to date and running as secure as possible.”