Reeling from Cyberattack, Toll now has its Customers Leaving

Channel news | February 17, 2020

  • Toll Group was hit with a ransomware attack that took down many of its delivery and tracking systems, leaving it unable to tell customers where their parcels were.

  • The company had to remove up to 500 applications that supported its international operations, spanning 25 countries.

  • There is a growing sense of anger over how the company has handled its response and the severity of the problem.

Freight delivery giant Toll Group is battling to fully restore its services after a cyberattack took down many of its delivery and tracking systems, but it now faces a much bigger problem: departing customers.


Two weeks ago the company was hit with a ransomware attack, known as "Mailto" or "Kazakavkovkiz", leaving it unable to tell customers where their parcels were.


Toll Group says it has rolled out a deliberately cautious approach to restoring its systems after the cyberattack, despite the negative impact it has on customers.


On Sunday, a Toll spokesperson revealed the company had removed up to 500 applications that supported its international operations, spanning 25 countries. However, the company has also said that core systems, including email, phones and end-user devices, have been tested and restored and are operating as normal.



From the outset, we’ve prioritised customer-facing and other critical systems. We now have many of our customers back online and operating essentially as normal, including through large parts of our global cargo-forwarding network and across our logistics warehouse operations around the world. And, we’re progressively reactivating full services on the MyToll parcels booking and tracking portal.

- Spokesperson, Toll

The spokesperson declined to comment on the financial impact of the cyberattack on Toll, or on the penalties it had incurred from clients, saying it was too early to be specific about the impact.



Toll said earlier this month that it was working with the Australian Signals Directorate's Australian Cyber Security Centre (ACSC) as well as cybersecurity companies to help identify the virus and work out how to best respond. The ACSC later released an advisory notice about Mailto, saying it had published a so-called hash of the ransomware – an identifier that can be used by other organizations to scan their systems and get warning notifications if it is identified on their network.



At this time, the ACSC is unaware whether these incidents are indicative of a broader campaign. There is some evidence that Mailto actors may have used phishing and password spray attacks, and then used compromised accounts to send further phishing emails to the user’s address book to spread the malware. There is currently limited information from this compromise on how the malware is spread laterally across a network.

- Australian Cyber Security Centre (ACSC)



Disgruntled Customers


Companies including Unilever, Adidas, Nike, Telstra, Optus, Footlocker and Officeworks have been left to fend off disgruntled customers due to indefinite delays for deliveries. Toll is understood to have been hit by numerous penalty payments due to its failure to fulfill contractual commitments. Many of these companies, though, have declined to comment on Toll's troubles, acknowledging that it has been the victim of a crime.


Privately, there is a growing sense of anger over how the company has handled its response and the severity of the problem. The company adopted a deliberately cautious approach, delaying bringing its systems back online in order to manage the threat in a methodical and orderly manner.


Toll did not pay the ransom, in line with the strategy usually advised by experts, and has declined to say how much was demanded. However, the time taken to investigate the problems and start bringing services back online has caused some of its biggest customers to take their business to rivals.


A Telstra spokesman said its main problem from the Toll hack had been the need to switch to manual processes from automated deliveries. Customers have become accustomed to next-day deliveries as a bare minimum, and expect to be able to see online where their parcels are. The spokesman said that it had brought in other delivery companies alongside Toll to try to make sure stock was available and minimize delays.


Optus, too, has had to make new commercial agreements with Toll's rivals and said it was unable to comment, at this stage, on whether it would resume its work with Toll in the same capacity after the hack was resolved.


The cyberattack on Toll serves as a huge wake-up call to other companies, said cybersecurity experts. The length of delay showed Japanese-owned Toll had understated the severity of the problem in its public statements.


The Toll Group, from the looks of it, is now staring at a long and expensive recovery period.

