The digital challenger bank Revolut has confirmed it was hit by a highly targeted cyberattack that allowed hackers to access the personal details of tens of thousands of customersThe app-based bank, launched in the UK in 2015, admitted that a third party gained access to the personal details of 0.16% of its 20 million customers but said: “no funds have been accessed or stolen”.

Subscribe
Notify of
guest
7 Expert Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Julia O’Toole
Julia O’Toole , Founder and CEO
Industry Leader
September 21, 2022 2:50 pm

Airlines have been a key target for cybercriminals for many years now and in just the last couple of months we have witnessed attacks on TAP Portugal, Pegasus and now American Airlines.  

The reason airlines are such a prime target, is because attackers have many different avenues to target and damage them. Firstly, there is a huge opportunity to access and steal critical data, like passports, PII and credit cards. While secondly, flaws in aviation systems, like the WiFi vulnerability that was announced last week, can put the physical safety of aeroplanes at risk.

In this instance against American Airlines, it looks like the attackers gained access through phishing, one of the easiest, yet most effective, attacks to execute. When it comes to defending against phishing, employee awareness is good, but clearly not enough to prevent all attacks.

As a result, organisations should look towards encryption to improve their defences. This involves encrypting employee access credentials, so they don’t even know them.

This means credentials cannot be stolen or phished. Furthermore, when organisations segment their access, criminals cannot bring their whole network down with one set of credentials.

Last edited 2 months ago by Julia O’Toole
Timothy.west
Timothy.west , Head of Threat Intelligence
InfoSec Expert
September 21, 2022 2:49 pm

If claims are true about intrusion MO, it is another reminder that often the vulnerability that gets exploited is the human. While it is easy with hindsight to suggest that a product or service may mitigate against such attacks, technology alone, or specific configurations therein cannot be considered a silver bullet solu

Last edited 2 months ago by timothy.west
David Sygula
David Sygula , Senior Cybersecurity Analyst
InfoSec Expert
September 21, 2022 2:44 pm

A threat actor was likely able to compromise an employee’s Slack account due to a lack of MFA. As for ‘Teapot’, it is claimed on the dark web that the actor could be related to Laspsus$, if not the head of Lapsus$. It’s impossible to verify the claim but there’s a high probability as it’s the same modus operandi. Either way, this further shows how important it is to raise awareness around social engineering and the need to monitor for employee credentials that are for sale on the dark web.

Last edited 2 months ago by David Sygula
Markus.strauss
Markus.strauss , Head of Product Management
InfoSec Expert
September 21, 2022 2:43 pm

This, together with the American Airlines breach, is the second breach initiated through phishing and subsequently leading to threat actors gaining access to the environment. What remains to be seen is whether the attacker(s) executed code from the link clicked in the email that exploited existing vulnerabilities in other deployed software or whether zero days were in play here. Regardless it just shows yet again how important continuous security training on the frontline is and how critical runtime and vulnerability management for organizations are.

Last edited 2 months ago by markus.strauss
Paul Bischoff
Paul Bischoff , Privacy Advocate
InfoSec Expert
September 21, 2022 2:42 pm

Although every data breach is cause for concern, Revolut limited the scope of this attack to about 50,000 users, and compromised data was limited to names, addresses, email addresses, and phone numbers. This information could be used to phish Revolut users, but it doesn’t pose a direct or immediate threat to customers’ money. Affected users should be on the lookout for phishing emails and text messages from scammers posing as Revolut. Never hand over sensitive information like payment details or passwords over email or SMS, and never click on links or attachments in unsolicited emails and texts.

Last edited 2 months ago by Paul Bischoff
7
0
Would love your thoughts, please comment.x
()
x