Toll Pays The Price For Cyberattack, Expert Gives Warning
Toll Group says it has been forced to shut down its IT systems, leading to days of missed deliveries and lost parcels, after it was struck by a new variant of ransomware.
The logistics giant said in a statement on its website that it had been the target of a malicious attack but was working to restore functionality to its systems.
‘We can confirm the cyber security incident is due to a targeted ransomware attack which led to our decision to immediately isolate and disable some systems in order to limit the spread of the attack,’ Toll said on its website.
‘The ransomware that has affected Toll is a new variant of the Mailto ransomware. We have shared samples of the relevant variant with law enforcement, the Australian Cyber Security Centre, and cyber security organisations to ensure the wider community is protected.
‘There continues to be no indication that any personal data has been lost as a result of the ransomware attack on our IT systems. We continue to monitor this as we work through a detailed investigation.’
Darren Hopkins, Partner at McGrathNicol Advisory, said the original ransomware variant has been known since early last year and that it was now common for attackers to customise the malware they use to avoid detection by antivirus software.
‘When ANU released its report on the attack on the university last year, the attacker in that event altered the signatures of more common malware to avoid detection. It was also noted in the report that the ANU published that the custom malware was created on actual ANU servers and then deployed from there,’ Hopkins told The Australian.
He added that organisations needed to consider a layered, sophisticated approach to security that includes controls to defend against attacks as they happen.
‘It is not known yet what Toll group had in place to defend against this type of attack and they have advised that samples of the new malware were sent to the ACSC for analysis… The ACSC provides all organisations with guidance on how to defend against various cyber risks and they clearly call out ransomware,’ he said.
But Corey Nachreiner, Chief Technology Officer at WatchGuard Technologies, said that malicious attackers use sophisticated and targeted attacks that breach networks using stolen, privileged user credentials before loading any ransomware.
It’s through this process that they bypass security controls in order to install the ransomware, he said.
While it is still unknown how Toll’s attackers gained access to its systems and deployed the ransomware, he said the best way for individuals and companies to protect themselves from similar attacks is to secure their authentication practices and adopt multi-factor authentication.
Nachreiner also said that Toll will not be the last victim of this sort of sophisticated attack this year, so organisations should put secure defences in place now.