Malaysian Airline Ransomware Attack

AirAsia, a budget airline that operates out of Malaysia, is dealing with the aftermath of a ransomware attack that saw the personal data of 5 million passengers and employees of the low-cost carrier stolen. Malaysian authorities are investigating the source and the overall impact, but so far don’t have much usable evidence.

Investigations are continuing to find the source of a ransomware attack that compromised and stole the personal data of passengers and all employees of AirAsia, according to Malaysia’s Communications and Digital Ministry.

AirAsia is a multinational low-cost airline headquartered near Kuala Lumpur in Malaysia. It is the largest airline in Malaysia, and operates scheduled domestic and international flights to more than 165 destinations across 25 countries.

The cyber attacks happened on November 11th and 12th, and samples of the stolen personal data were found leaked to the Dark Web approximately a week later. The posted samples contained varying degrees of sensitive information, such as employees' personal data, passenger booking information, and even photos.

Shortly after the cyber attack, a hacker group known as the Daixin Team claimed responsibility. The gang is dangerous, and the FBI and CISA have sent out an alert about it. The group has been active since June 2022, although it had previously targeted only health care and public health facilities. The “Daixin Team” is notable for entering organisations' networks through unpatched VPN vulnerabilities, a cyber security weakness that has become increasingly common since the COVID-19 pandemic prompted an increase in remote working and, with it, an increased need for Virtual Private Networks (VPNs).

To add insult to injury, the cyber criminal gang announced that they would not want to launch another attack on AirAsia due to how 'sloppy' its internal organisation and management appeared. 

The Daixin Team also alleged that breaching AirAsia was too easy given how weak the airline's network security and protection was, and the cybercriminal group was disappointed at the lack of a challenge. The hacker group sent AirAsia samples of the stolen personal data but added that they stopped short of stealing air traffic control-related and other sensitive airline applications that could cause physical harm.

The airline did respond to the attack and has engaged with the Daixin Team via chat, and says that it has continuously rejected attempts to negotiate the ransom amount, highlighting its stated intention not to pay any amount. 

Investigation teams from the Personal Data Protection Department and Cybersecurity Malaysia have also been deployed since the attack, and they started their probe by having discussions with Capital A on December 1st. Early investigations showed that the cyber attack was caused by unauthorised access to the airline's system.

Regardless of who was responsible for the cyber attack and how it could have happened, such an attack further emphasises the need for all data users, such as AirAsia, to consistently strengthen their network security and protection.

There have been numerous attacks on both airlines and the public-facing portion of airport websites over the past five years. An attack in India earlier this year disrupted flight scheduling for several days, but did not prevent planes from flying. FedEx’s air shipment service has also been hit by ransomware attacks at least twice, but flight operations are not known to have been impacted.

SimpleFlying, CPO Magazine, TEISS, Straits Times, TECSEC, CyberNews
