Reeling from Cyberattack, Toll now has its Customers Leaving

Channel news | February 17, 2020

  • Toll Group was hit with a ransomware attack took down many of its delivery and tracking systems and leaving it unable to tell customers where their parcels were.

  • The company had to remove up to 500 applications that supported its international operations, spanning 25 countries.

  • There is a growing sense of anger over how the company has handled its response and the severity of the problem.

Freight delivery giant Toll Group is battling to fully restore its services after a cyberattack, took down many of its delivery and tracking systems, but now it stares at a much bigger problem: leaving customers.


The company was hit with a ransomware attack, known as "Mailto" or "Kazakavkovkiz" two weeks ago, leaving it unable to tell customers where their parcels were.


Toll Group says it has rolled out a deliberately cautious approach to restoring its systems after the cyberattack, despite the negative impact it has on customers.


On Sunday, a Toll spokesperson revealed the company had removed up to 500 applications that supported its international operations, spanning 25 countries. However, the company has also said that the Core systems including email, phones and end-user devices have been tested, restored and are operating as normal.



From the outset, we’ve prioritised customer-facing and other critical systems. We now have many of our customers back online and operating essentially as normal, including through large parts of our global cargo-forwarding network and across our logistics warehouse operations around the world. And, we’re progressively reactivating full services on the MyToll parcels booking and tracking portal.

- Spokesperson, Toll

The spokesperson declined to comment on the financial impact the cyberattack took on Toll, or the issues of penalties it had suffered from clients, saying it was too early to be specific about the impact.



Toll said earlier this month that it was working with the Australian Signals Directorate's Australian Cyber Security Centre (ACSC) as well as cybersecurity companies to help identify the virus and work out how to best respond. The ACSC later released an advisory notice about Mailto, saying it had published a so-called hash of the ransomware – an identifier that can be used by other organizations to scan their systems and get warning notifications if it is identified on their network.



At this time, the ACSC is unaware whether these incidents are indicative of a broader campaign. There is some evidence that Mailto actors may have used phishing and password spray attacks, and then used compromised accounts to send further phishing emails to the user’s address book to spread the malware. There is currently limited information from this compromise on how the malware is spread laterally across a network.

- Australian Cyber Security Centre (ACSC)

READ MORE:
Ryuk: defending against this increasingly busy ransomware family


Disgruntled Customers


Companies including Unilever, Adidas, Nike, Telstra, Optus, Footlocker and Officeworks, have been left to fend off disgruntled customers due to indefinite delays for deliveries. Toll is understood to have been hit by numerous penalty payments due to its failure to fulfill contractual commitments. Many of these companies, though, have denied to make any comments on Toll's troubles, admitting it has been the victim of a crime.


Privately there is a growing sense of anger over how the company has handled its response and the severity of the problem. The company adopted a deliberately cautious approach in the delay of bringing its systems back online quickly, in order to manage the threat in a methodological and orderly manner.


Toll did not pay the ransom, as is the strategy usually advised by experts,  and has declined to say how much was demanded. However, the time taken to investigate the problems and start bringing services back online has caused some of its biggest customers to take their business to rivals.


A Telstra spokesman said its main problem from the Toll hack had been the need to switch to manual processes from automated deliveries. Customers have become accustomed to next day deliveries as a bare minimum, and expect to be able to see online where their parcels are. Their spokesman said that it had brought in other delivery companies alongside Toll to try and make sure stock was available and minimize delays.


Optus too, has had to make new commercial agreements with Toll's rivals and said it was unable to comment, at this stage, on whether it would resume its work with Toll in the same capacity after the hack was resolved.


The cyberattack on Toll serves as a huge wake-up call to other companies, said cybersecurity experts. The length of delay showed Japanese-owned Toll had understated the severity of the problem in its public statements.


The Toll Group, from the looks of it, is now staring at a long and expensive recovering period.


READ MORE:
Nine steps to cybersecurity

Spotlight

Handling, managing, and protecting customer data is more than a compliance issue; it is a competitive differentiator if done well. Download this new report from Forrester Research, Inc., and learn what capabilities are necessary to build a cohesive and robust privacy program - and how your business will be able to more effectively manage consumer data as a result.


Other News
DATA SECURITY,SOFTWARE SECURITY

Rubrik Surpasses $400 Million in Subscription ARR and Launches Rubrik Zero Labs, Data Threat Research Unit to Help Combat Global Cyber Events

Rubrik | September 01, 2022

Rubrik, the Zero Trust Data Security™ Company, today announced it surpassed $400 million in software subscription annual recurring revenue (ARR) to date, growing over 100 percent year over year. The company has achieved a net dollar retention rate greater than 140 percent based on its ability to retain customers and expand within the customer base. Today, over 4,500 customers around the world and across multiple industries rely on Rubrik to help them secure their data and keep their business running, including BMO Financial Group, Citigroup, Estee Lauder, Fiserv, The Home Depot, and many others. The company also announced the launch of Rubrik Zero Labs, Rubrik’s new cybersecurity research unit to analyze the global threat landscape, report on emerging data security issues and give organizations research-backed insights and best practices to secure their data against the increasing threat of cyber events. “There is no industry, government, or company that is immune to cyberattacks. These threats continue to increase in volume and sophistication and have the power to bring entire organizations to their knees. “We are striking a chord with organizations globally because they need a better strategy to protect their data. With Rubrik, they are better able to secure their business from ongoing cyber events.” Bipul Sinha, CEO and Co-Founder of Rubrik Cybersecurity Veteran Steven Stone Joins as Head of Rubrik Zero Labs Today Rubrik announced it has named Steven Stone as the Head of Rubrik Zero Labs. Stone will lead Rubrik’s new data threat research unit to uncover real-world intrusions from a range of threats including espionage-based data breaches to ransomware attacks, and to inform customers and partners of the best ways to proactively address risk in their business operations. He has over 15 years of experience in threat intelligence with roles in the U.S. military, intelligence community, and private sector, including Mandiant/FireEye and IBM. Most recently, he was Vice President of Adversary Operations at Mandiant, leading global teams who were responsible for adversary hunting, attribution, and data collection efforts. “Data and insights are critical for understanding, responding, preventing, and recovering from cyber events. In many cases, the data aspects are the least understood across the threat landscape, and we want to close this delta. Comprehensive threat intelligence will enable organizations to make informed decisions so they can be prepared for a full swath of cyber threats,” said Stone. “I’m thrilled to pioneer the data threat intelligence unit at Rubrik and help to deliver valuable insights to our customers and the cybersecurity industry so that together we can stay ahead of the evolving data threat landscape.” Additional Milestones: Rubrik has also achieved a number of recent industry recognitions, landmark accomplishments, and launches including: Launched Rubrik Security Cloud to secure customers’ data wherever it lives across enterprise, cloud, and SaaS while delivering data resilience, data observability, and data recovery Grew the leadership team by appointing Mike Mestrovich as Chief Information Security Officer (CISO), following his role as CISO at the Central Intelligence Agency (CIA). Appointed Chris Krebs — former director of the U.S. Cybersecurity and Infrastructure Agency (CISA) — as Chair of Rubrik’s new CISO Advisory Board, where he will assemble some of the nation’s top CISOs to facilitate information exchange and thought leadership in data security. Rubrik also named Ghazal Asif, who previously served as Google’s Head of Channel for EMEA, as Head of Global Partners and Alliances Named a Leader in the 2022 Gartner® Magic Quadrant™ for Enterprise Backup and Recovery Software Solutions, positioned the furthest overall in Completeness of Vision for third year in a row Rubrik ranked amongst highest scoring 3 vendors for all Use Cases in 2022 Gartner® Critical Capabilities™ for Enterprise Backup and Recovery Software Solutions for 2 consecutive years Received numerous industry accolades, including placement on the Forbes Cloud 100 for the sixth year in a row, and distinction as winner of the Global InfoSec Awards as Hot Company in Data Security About Rubrik Rubrik is a cybersecurity company, and our mission is to secure the world’s data. We pioneered Zero Trust Data Security™ to help organizations achieve business resilience against cyberattacks, malicious insiders, and operational disruptions. Rubrik Security Cloud, powered by machine learning, secures data across enterprise, cloud, and SaaS applications. We help organizations uphold data integrity, deliver data availability that withstands adverse conditions, continuously monitor data risks and threats, and restore businesses with their data when infrastructure is attacked.

Read More

DATA SECURITY,PLATFORM SECURITY

SCYTHE New Version 4.0 Enhances Collaboration Across Multiple Security Team Roles

SCYTHE | September 09, 2022

SCYTHE, a leader in adversarial emulation, announced the release of version 4.0 of the company’s flagship cybersecurity platform, offering new features and functionality that will extend capabilities for greater collaboration between blue, red, and purple teams. SCYTHE runs real-world adversary emulations that help security teams reduce detection and response rates, validate controls, and optimize resources by enabling teams to prioritize vulnerabilities, and focus on the highest risk issues to the business. Its scalable platform automates adversary emulations and expands your team’s threat intelligence skills so that you can multiply your cybersecurity team’s velocity and reduce cybersecurity risk. SCYTHE has the largest, public library of threats in the breach attack simulation industry and has more capabilities than all other competitors combined as shown by Tidal Cyber’s Community Edition of their SaaS threat-informed defense platform. With a redesigned UI, SCYTHE 4.0 makes threats easier to manage by bringing campaign details to the surface, allows for greater communication between team members, and makes it simpler to take action via Jira integrations—all available as an on-prem or SaaS offering. Through automation, communication, and integrations, SCYTHE 4.0 is designed to help security teams collaborate, as a purple team, on adversary emulation. “The new SCYTHE 4.0 platform sets a new standard for adversary emulation automation for offensive, defensive, and hybrid purple teams to help customers strengthen defenses, share actionable data between teams to better resolve real-world cybersecurity concerns quickly, and improve collaboration,” said Stephanie Simpson, VP, Product. “Version 4.0 is based on feedback from our customers and prospects about what they need to optimize their teams’ breach and attack simulation (BAS) capabilities.” In addition to this, SCYTHE’s Cyber Threat Intelligence (CTI) Team just released offerings that are complementary to the SCYTHE platform capabilities and services that can serve as an extension of your security team. This includes emergency action emulation plans, custom plans, cloud-focused plans, and emulation plans covering more diverse tactics, techniques and procedures. What’s New With 4.0? SCYTHE version 4.0 was designed to enhance collaboration within security teams and improve the user experience. These updates include: Collaboration features — SCYTHE enables greater collaboration between blue, red, and purple teams to create and leverage existing adversary emulation plans. The updated, user-friendly dashboard clearly displays outcomes and severity of campaign results. Users can have different access levels to create and personalize realistic attacks or re-run existing attacks. In-platform messaging now allows for better and faster communication between users. Workflow automation — Users can take a more collaborative team approach and seamlessly share actionable insights through a Jira integration. SaaS and on-prem — Previously an exclusively on-prem solution, SCYTHE 4.0 now has a SaaS offering available to provide flexibility to customers in any type of environment. SCYTHE 4.0 will be available for customers in Q4. About SCYTHE SCYTHE is like hiring the hacker you always wanted, but could never afford. SCYTHE transforms your organization’s capabilities and defines a new technology category: Attack, Detect, and Respond to integrate cybersecurity risk management across people, process, and technology. The SCYTHE 4.0 platform enables collaboration between red, blue, and purple teams to build and emulate real-world adversarial campaigns. Customers can easily and quickly validate the risk posture and exposure of their business and employees and the performance of enterprise security teams and existing security solutions.

Read More

SOFTWARE SECURITY

GrammaTech and T.E.N. Announce Call for Nominations for Product Security Executive of the Year Awards

GrammaTech | August 16, 2022

GrammaTech, a leading provider of application security testing products and software research services, and T.E.N., founder of the Information Security Executive® (ISE®) of the Year Awards, today announced the Product Security Executive (PSE) of the Year Awards. This annual competition will recognize individuals whose contributions have delivered advancements in security for embedded or commercial software products. Nominations are now being accepted through October 10, 2022 at The judging panel includes: Edna Conway, Vice President, Security & Risk Officer, Cloud Infrastructure at Microsoft, former CSO, Cisco Global Value Chain and a member of the Executive Committee of the U.S. Department of Homeland Security Task Force on ICT Supply Chain Risk Management. Malcolm Harkins, Chief Security & Trust Officer with Epiphany Systems, former Chief Security and Privacy Officer (CSPO) and the first CISO at Intel Corporation. Troy Rydman, Senior Practice Leader - Global Strategic Accounts, Security, Risk, & Compliance for Amazon Web Services (AWS) and former cybersecurity executive with Silicon Valley Bank, with fourteen years of increasing cybersecurity leadership. “In a world of increasingly autonomous products, from cars to appliances to robots, managing the integrity of the software that enables our connected world is critical. The Product Security Executives who drive quality, security and safety of our many devices are pivotal to the digital economy. “It is time to recognize these individuals and the significant contributions they make in securing the software at the heart of our hyper-connected world.” Edna Conway, VP, Security & Risk Officer, Microsoft Cloud Infrastructure Eligibility U.S.-based executives, including those with director, vice president, chief product security officer or similar titles, who are responsible for product security management are eligible for consideration. This includes individuals overseeing security at all stages of the product development lifecycle for software, firmware and/or embedded code; as well as secure product design, risk and vulnerability management and standards/regulatory compliance. There is no cost to enter. “There’s an increased emphasis on maintaining the safety and security of embedded software across virtually all industries, which is becoming the responsibility of a Product Security Executive whether or not the title exists,” said Andrew Meyer, Chief Marketing Officer for GrammaTech. “We collaborated with T.E.N. to create this award competition and recognize the men and women on the front lines of this new discipline, honor their accomplishments and share their best practices with the industry.” “The number of IoT devices is in the billions and we will continue to see an ever-growing number of devices become smart and connected,” explains Marci McCarthy, CEO and President of T.E.N. “Every device is at risk for cyberattacks, and threat actors are taking advantage of every opportunity to exploit product security vulnerabilities. Demand for product security has thus grown across multiple industries, especially consumer electronics, automotive and healthcare. Because product security is a relatively new concept whose time has come, we are thrilled to partner with GrammaTech to recognize individuals for advancements and innovations leading to more secure products going to market.” About T.E.N. T.E.N. is an award-winning technology and security networking and marketing firm that hosts relationship-building events between top Information Security executives, industry pioneers and innovative solution providers within the cybersecurity industry. Its flagship program, the nationally acclaimed Information Security Executive® (ISE®) of the Year Program Series and Awards, is North America’s largest leadership recognition and networking program for security professionals, honoring both leading executives and deserving project teams. About GrammaTech GrammaTech is a leading global provider of application security testing (AST) solutions used by the world’s most security conscious organizations to detect, measure, analyze and resolve vulnerabilities for software they develop or use. The company is also a trusted cybersecurity and artificial intelligence research partner for the nation’s civil, defense, and intelligence agencies. GrammaTech has corporate headquarters in Bethesda MD, a Research and Development Center in Ithaca NY, and publishes Shift Left Academy, an educational resource for software developers.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

SaaS Alerts Secures $22M Investment from Insight Partners to Scale SaaS Security Monitoring and Response Platform

SaaS Alerts | September 12, 2022

SaaS Alerts, the cybersecurity company purpose-built for Managed Service Providers (MSPs) to protect and monetize their customers' core business SaaS applications, announced today that it has secured a $22 million growth investment from global software investor Insight Partners to accelerate the growth of its SaaS Security monitoring and response platform. The accelerated rate of SaaS Application adoption by businesses, driven by the need to provide collaboration and productivity tools to remote workforces and for more centralized and tightly controlled business data resources, has elevated awareness and critical concern for major threat vectors and security gaps that exist in SaaS Application security. These security concerns present opportunities for MSPs to better safeguard their clients while offering SaaS security services that drive profitable new revenue streams. SaaS Alerts was designed to help MSPs monitor and protect their customers' usage of today's most popular SaaS applications such as Microsoft 365, Google Workspace, Salesforce, Dropbox and more – and to safeguard against security threats to a business' SaaS environment such as data theft, data that's at risk due to unintentional employee mishaps and actions taken by bad actors. "We couldn't be more excited to partner with Insight Partners and we see their investment in SaaS Alerts as a monumental endorsement for what we have built and what we intend to build as we collaborate going forward. "I'm very proud of our team for reaching this milestone and look forward to working with Insight to continue to build value for our MSP partners and stakeholders." Jim Lippie, CEO of SaaS Alerts "SaaS applications have become essential for businesses of every size and MSPs need the ability to better protect those applications on behalf of their customers. SaaS Alerts has pioneered SaaS security for MSPs and has a clear vision for how detecting and correlating abnormal user behavior can greatly impact the MSP industry," said Philine Huizing, Principal at Insight Partners. "We're excited to partner with SaaS Alerts as the company scales to address this unique opportunity." About SaaS Alerts SaaS Alerts is the cybersecurity company purpose-built for MSPs to protect and monetize customers' core SaaS business applications. SaaS Alerts offers a unified, real-time monitoring platform for MSPs to protect against: data theft, data at risk and bad actors and integrates with the most popular SaaS Applications. Learn more at www.saasalerts.com. About Insight Partners Insight Partners is a global software investor partnering with high-growth technology, software, and Internet startup and ScaleUp companies that are driving transformative change in their industries. As of June 30, 2022, the firm has over $80B in regulatory assets under management. Insight Partners has invested in more than 700 companies worldwide and has seen over 55 portfolio companies achieve an IPO. Headquartered in New York City, Insight has offices in London, Tel Aviv, and Palo Alto. Insight's mission is to find, fund, and work successfully with visionary executives, providing them with practical, hands-on software expertise to foster long-term success. Insight Partners meets great software leaders where they are in their growth journey, from their first investment to IPO.

Read More

Spotlight

Handling, managing, and protecting customer data is more than a compliance issue; it is a competitive differentiator if done well. Download this new report from Forrester Research, Inc., and learn what capabilities are necessary to build a cohesive and robust privacy program - and how your business will be able to more effectively manage consumer data as a result.

Resources