Logistics giant Toll Group has fallen victim to cyber attackers for a second time this year, with experts saying it should be better prepared to recover this time.

“This is unrelated to the ransomware incident we experienced earlier this year. Toll has no intention of engaging with any ransom demands, and there is no evidence at this stage to suggest that any data has been extracted from our network,” Toll’s statement said.
“We are in regular contact with the Australian Cyber Security Centre (ACSC) on the progress of the incident.
“We have business continuity plans and manual processes in place to keep services moving while we work to resolve the issue. We expect these arrangements to continue for the remainder of the week.”
In the attack earlier this year, which ran from late January until early March, it faced a protracted period where it couldn’t tell customers including Telstra, Optus and OfficeWorks where their parcels were, and some of its clients signed temporary agreements with its rivals.
Cyber security experts told The Australian Financial Review that a fresh attack was a terrible blow for the company, particularly coming during the COVID-19 pandemic when most back office staff are working from home and others have been put on reduced hours to save money.
However, they said that hopefully the experience of dealing with the earlier attack would mean this one was less damaging for the company and its clients.
“This is a new level of hell for Toll and all my clients are extremely sympathetic because no one wants to go through one major attack, let alone two in a row,” James Turner, the managing director of chief security officer advisory group CISO Lens, said.
“During Toll’s first attack, other company boards were asking their security executives for an assessment of how their company would deal with a similar scenario and it sharpened the focus on supply chain exposure.
“Criminals, by definition, don’t play fair. But this second attack against Toll, which is such a crucial component of Australia’s logistics, is beyond criminal.”
Shannon Sedgwick, head of the cyber security practice at consulting firm Ankura, said security researchers have known about Nefilim since February 2020. He said it was structurally similar to previous strains of ransomware, like the Mailto strain that hit Toll before, but has a different ransom payment system.
“It is unlikely that this attack will be as damaging as the last. Since Toll has been through such a response very recently, their processes and staff should be well-prepared and, one would hope, more resilient,” Mr Sedgwick said.
“Toll’s recovery should be more rapid and their adoption of manual processes more streamlined. However, it is yet to be seen how this second attack will affect the consumer trust and reputation of Toll.”
Mr Sedgwick said he suspected the substantial increase in people working from home during the pandemic meant the likely method of entry for the hackers was through exposed Remote Desktop Protocol (RDP) or virtual desktop endpoints, which could have been accessed due to a lack of multi-factor authentication.
The attack is the last thing Toll’s owner Japan Post needs, as it was already counting the cost of its decision to buy Toll for $8 billion in 2015.
Last month Street Talk revealed that Japan Post had called in bankers to pitch potential salvage plans for Toll including a sale, after already taking steep writedowns on its investment.
Toll’s response will be in the hands of a newly appointed technology boss, after chief information officer Francoise Russo left at the end of March to join Tabcorp.
A Toll spokeswoman said she hadn’t left as a result of the earlier problems, and had advised Toll of her intention to leave the organisation a few months prior.
“She was scheduled to start a new job following a one month break after leaving Toll. Our new CIO, King Lee, joined the company at the start of March, and Francoise supported a transition during the hand over period,” the spokeswoman said.
Prior to joining Toll, Mr Lee was based in Shanghai as general manager of Global Operations in the Asia Pacific region at GE, where he was in charge of shared services such as finance, supply chain, HR and legal.