Revolut Suffers $20 Million Loss After Security Flaw in Payment System is Exploited

Malicious actors took advantage of an undisclosed vulnerability in Revolut’s payment systems, leading to the theft of over $20 million in early 2022, as reported by the Financial Times. The breach, which has not been made public, originated from inconsistencies between Revolut’s U.S. and European operations, resulting in erroneous refunds using the company’s funds when certain transactions were declined. The issue was first identified in late 2021, but before it could be resolved, organized crime groups exploited the loophole by prompting individuals to initiate costly purchases that would be declined. These refunded amounts were subsequently withdrawn from ATMs. While the exact technical details of the vulnerability remain unclear, approximately $23 million was stolen in total, with some of the funds retrieved by tracking those who had withdrawn cash.

Revolut Reports $20 Million Loss Following Exploitation of Payment System Vulnerability

July 10, 2023

In early 2022, Revolut fell victim to a significant security breach, leading to a loss exceeding $20 million due to exploitation of an undisclosed flaw within its payment systems. This incident was brought to light by the Financial Times, which cited multiple anonymous sources familiar with the situation. Notably, the breach has yet to be publicly acknowledged by Revolut, raising concerns about transparency and communication in cybersecurity events.

The vulnerability arose from a discrepancy between Revolut’s U.S. and European payment systems. This inconsistency led to erroneous refunds from the company’s own funds when certain transactions were declined. The issue was first identified in late 2021, but before the company could implement a fix, it was reportedly exploited by organized groups. These groups encouraged individuals to attempt high-value purchases that would ultimately be declined, allowing them to withdraw the refunded amounts from ATMs.
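An added illustration, not Revolut's code and not a reconstruction of the actual flaw, whose details are unreported: a reconciliation check for the class of error described above, where a refund credits money that was never taken from the customer. The event schema, account names and amounts are constructed for the example.

```python
from collections import defaultdict

# Constructed sample ledger (amounts in cents); schema and values are assumptions.
EVENTS = [
    {"seq": 1, "type": "capture", "account": "A1", "txn": "t1", "amount": 5000},
    {"seq": 2, "type": "refund",  "account": "A1", "txn": "t1", "amount": 5000},
    {"seq": 3, "type": "decline", "account": "B2", "txn": "t2", "amount": 250000},
    {"seq": 4, "type": "refund",  "account": "B2", "txn": "t2", "amount": 250000},
    {"seq": 5, "type": "atm_withdrawal", "account": "B2", "txn": "w1", "amount": 200000},
    {"seq": 6, "type": "capture", "account": "C3", "txn": "t3", "amount": 3000},
    {"seq": 7, "type": "refund",  "account": "C3", "txn": "t3", "amount": 3000},
    {"seq": 8, "type": "refund",  "account": "C3", "txn": "t3", "amount": 3000},
]

def unbacked_refunds(events):
    """Return refunds that credit more than was ever captured for the transaction."""
    captured = defaultdict(int)   # txn -> total actually debited from the customer
    refunded = defaultdict(int)   # txn -> total credited back so far
    findings = []
    for ev in sorted(events, key=lambda e: e["seq"]):
        if ev["type"] == "capture":
            captured[ev["txn"]] += ev["amount"]
        elif ev["type"] == "refund":
            refunded[ev["txn"]] += ev["amount"]
            excess = refunded[ev["txn"]] - captured[ev["txn"]]
            if excess > 0:  # declined txn: nothing captured, so the whole refund is excess
                findings.append({"seq": ev["seq"], "account": ev["account"],
                                 "txn": ev["txn"], "excess": min(excess, ev["amount"])})
    return findings

def cash_out_accounts(events):
    """Accounts with an ATM withdrawal after an unbacked refund (priority review)."""
    first_bad = {}
    for f in unbacked_refunds(events):  # findings are in seq order, so first wins
        first_bad.setdefault(f["account"], f["seq"])
    return sorted({ev["account"] for ev in events
                   if ev["type"] == "atm_withdrawal"
                   and ev["seq"] > first_bad.get(ev["account"], float("inf"))})

if __name__ == "__main__":
    for f in unbacked_refunds(EVENTS):
        print(f)
    print("review first:", cash_out_accounts(EVENTS))
```

Run as a blocking check before a refund is posted, the same invariant prevents the credit; run as a batch job, it only shortens the time to detection.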

Although full technical details surrounding the vulnerability remain unclear, the scale of the attack highlights significant risks associated with payment processing systems. In total, approximately $23 million was reported stolen, with some funds recovered through efforts to track down individuals who withdrew cash at ATMs.

This incident underscores the importance of robust cybersecurity measures within financial institutions, particularly regarding payment processing systems. The MITRE ATT&CK framework offers a way to reason about the methods attackers may have employed in such breaches. The perpetrators may have used initial access techniques to exploit the vulnerability, followed by privilege escalation tactics to extend their control of the compromised systems.

Moreover, the incident raises questions about the adequacy of the security measures currently adopted by financial services. Rapid response and remediation once a vulnerability has been identified are crucial to mitigating the risk posed by opportunistic cybercriminals, especially when valuable resources are at stake.

As businesses navigate the increasingly complex landscape of cybersecurity threats, maintaining vigilance and implementing industry best practices will be essential. The Revolut breach serves as a stark reminder of the vulnerabilities that exist within payment processing and the potential repercussions of overlooking such critical security gaps.
