The Royal Mail, a British postal service and courier company, is the largest courier company in the UK, with a market share that is double that of Amazon. An open redirect vulnerability on a site belonging to the centuries-old Royal Mail exposed its consumers to phishing and malware attacks.
An open redirect vulnerability occurs when a web application uses user-supplied input, like as a URL or parameter, to redirect the user to another website without properly checking or purifying the data. Attackers might use the vulnerability to deceive users into accessing malicious websites or phishing pages by masking the harmful URL as a legal one. The website is currently disabled.
In January 2023, Royal Mail was again targeted by a cyber-attack. International parcel and letter shipping by Royal Mail through its post office branches came to a halt.
The attackers, the Russian-linked LockBit ransomware group, asked for a large ransom payment in exchange for the decryption key. After hackers encrypted the international shipping devices, the ransom notes were purportedly printed on custom dockets. Obviously, the company refused to pay the ransom demand, which some estimate was in the millions of dollars. The attackers then threatened to post the stolen and encrypted material on the internet.
Customers had to wait longer since the company had to rely on manual processes. The attack undoubtedly harmed customer trust in the company. These cyber-attacks have demonstrated the importance of improved cyber security at Royal Mail.
Join us to jumpstart your cyber career: https://www.worldcybersecurities.com/membership/