Airline Industry on Bad Radars

There seems to be a current trend of attacking the airline industry.  In Germany, seven airports were hit by a suspected cyber-attack on 16 February.  Düsseldorf, Nuremberg, and Dortmund airports were among those impacted, but the websites for Germany’s three busiest airports (Frankfurt, Munich, and Berlin) were all functioning normally.  The affected airports were victims of large-scale DDoS attacks.  So far, other airport systems have not been affected.  According to Reuters, the chief executive also added that the websites of the seven airports were temporarily unavailable and noted that the extent to which the issue will spread to other locations remains to be seen.  The incidents come a day after a massive IT failure at Lufthansa left thousands of passengers stranded.[1]

A DDoS (Distributed Denial of Service) attack prevents legitimate users from accessing their desired websites by flooding those sites’ servers with massive volumes of illegitimate requests.  These attacks are usually performed by “hacktivists” in an attempt to knock the targeted sites offline.

Earlier this week, Scandinavian Airlines (SAS) posted a notice warning passengers that a recent multi-hour outage of its website and mobile app was caused by a cyber-attack that also exposed customer data.  The cyber-attack caused some form of malfunction in the airline's online system, causing passenger data to become visible to other passengers.  This data includes contact details, previous and upcoming flights, as well as the last four digits of the credit card number.  “Last night SAS, alongside several other companies, were subjected to a cyberattack that led to our website and app being down for a few hours.  Furthermore, some passengers' data became visible to other passengers who were active during the ongoing attack.” - SAS.

The airline, which operates a fleet of 131 aircraft and flies people to 168 destinations, says the risk of this exposure is minimal, as the leaked financial information is only partial and cannot be easily exploited.  It also clarifies that no passport details have been exposed.  However, full names and contact information are enough to allow threat actors and scammers to perform targeted phishing attacks if they accessed the exposed data during the attack.  "We always cooperate with the national CAA (Civil Aviation Agency), police, and security police when security matters are concerned – irrespective of the issue in question," concludes the SAS statement.  "We are monitoring the situation closely and continue the work to analyze and evaluate the attack and related consequences, as well as take preventive measures."

As reported by The Record, the attack on SAS was claimed by a group of so-called hacktivists called 'Anonymous Sudan,' who posted a statement about the attack on their Telegram channel.  Really?

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com             

Weekly Cyber Intelligence Briefings:

  • Reporting: https://www.redskyalliance.org/
  • Website: https://www.wapacklabs.com/
  • LinkedIn: https://www.linkedin.com/company/64265941

REDSHORTS - Weekly Cyber Intelligence Briefings

https://attendee.gotowebinar.com/register/5504229295967742989  

[1] https://heimdalsecurity.com/blog/seven-german-airports-hit-by-suspected-cyber-attack/
