Malaysian Airline Ransomware Attack

Uploaded on 2022-12-22 in BUSINESS-Services-Transport & Travel, FREE TO VIEW, NEWS-Cybersecurity News

AirAsia, a budget airline that operates out of Malaysia, is dealing with the aftermath of a ransomware attack that saw the personal data of 5 million passengers and employees of the low-cost carrier stolen.  Malaysian authorities are investigating the source and the overall impact, but so far don’t have much usable evidence.

Investigations are continuing to find the source of a ransomware attack that compromised and stole the personal data of passengers and all employees of AirAsia, according to Malaysia’s Communications and Digital Ministry.

AirAsia is a multinational low-cost airline headquartered near Kuala Lumpar in Malaysia. It is the largest airline in Malaysia, and operates scheduled domestic and international flights to more than 165 destinations across 25 countries.

The cyber attacks happened on November 11th and 12th when samples of the stolen personal data were found leaked to the Dark Web approximately a week later. The posted samples contained varying degrees of sensitive information, such as employees' personal data, passenger booking information, and even photos.

Shortly after the cyber attack, a hacker group known as the Daixin Team claimed responsibility and the gang is dangerous and the FBI and CISA has sent out an alert. The group has been active since June 2022, although previously has only targeted health care and public health facilities. The “Daixin Team” is notable for entering organisations networks through unpatched VPN vulnerabilities, a cyber security weakness that has become increasingly common since the COVID-19 pandemic prompted an increase in remote working, which prompted an increased need for Virtual Private Networks (VPNs).

To add insult to injury, the cyber criminal gang announced that they would not want to launch another attack on AirAsia due to how 'sloppy' its internal organisation and management appeared. 

The Daixin Team also alleged that breaching AirAsia was too easy given how weak the airline's network security and protection was, and the cybercriminal group was disappointed at the lack of a challenge. The hacker group sent AirAsia samples of the stolen personal data but added that they stopped short of stealing air traffic control-related and other sensitive airline applications that could cause physical harm.

The airline did respond to the attack and has engaged with the Daixin Team via chat, and says that it has continuously rejected attempts to negotiate the ransom amount, highlighting its stated intention not to pay any amount. 

Investigation teams from the Personal Data Protection Department and Cybersecurity Malaysia have also been deployed since the attack, and they started their probe by having discussions with Capital A on December 1st. Early investigations showed that the cyber attack was caused by unpermitted access into the airline's system. 

Regardless of who was responsible for the cyber attack and how it could have happened, such an attack further emphasises the need for all data users, such as AirAsia, to consistently strengthen their network security and protection.

There have been numerous attacks on both airlines and the public-facing portion of airport websites over the past five years. An attack in India earlier this year disrupted flight scheduling for several days, but did not prevent planes from flying. FedEx’s air shipment service has also been hit by ransomware attacks at least twice, but flight operations are not known to have been impacted.

SimpleFlying:    CPO Magazine:    TEISS:      Straits Times:   TECSEC:      CyberNews

You Might Also Read: 

Cyber Security At Schiphol Airport Is Ineffective:

 

« Britain’s Free Cyber Security Service
Guardian Newspaper Suffers A Large Scale Ransomware Attack »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Australian Cyber Security Growth Network (AustCyber)

Australian Cyber Security Growth Network (AustCyber)

AustCyber brings together businesses and researchers to develop the next generation of cyber security products and services.

MIT Internet Policy Research Initiative (IPRI)

MIT Internet Policy Research Initiative (IPRI)

IPRI's mission is to work with policy makers and technologists to increase the trustworthiness and effectiveness of interconnected digital systems

DocAuthority

DocAuthority

DocAuthority automatically discovers and accurately identifies unprotected, sensitive documents, enabling a broad yet business-friendly security policy.

Zecurion

Zecurion

Zecurion data loss prevention (DLP) solution is an easy-to-use solution for securing confidential data at rest and in motion.

NSEIT

NSEIT

NSEIT offers end-to-end Information Technology products, solutions and services including cybersecurity to organizations in the financial sector.

CTM360

CTM360

CTM360 is a unified external security platform offering 24x7x365 Cyber Threat Management for detecting and responding to cyber threats.

Veracity Industrial Networks

Veracity Industrial Networks

Veracity provides an innovative industrial network platform that improves the reliability, efficiency, and security of industrial networks and devices.

ISMS Accreditation Center (ISMS-AC)

ISMS Accreditation Center (ISMS-AC)

ISMS-AC is the national accreditation body for Japan. The directory of members provides details of organisations offering certification services for ISO 27001.

Cloud Managed Networks

Cloud Managed Networks

Cloud Managed Networks provides enterprise grade IT network solutions for cloud-based and on premise network security, Wi-Fi, data switching, collaboration, device management and more.

CENSUS

CENSUS

CENSUS is a Cybersecurity services provider offering services to multiple industries worldwide such as Security Testing, Code Auditing, Secure SDLC, Vulnerability Research and Consulting Services.

GM Sectec

GM Sectec

GM Sectec is the world's largest independent Cyber Defense and Fraud Prevention firm laser focused on payment security.

Tidal Cyber

Tidal Cyber

We formed Tidal for one simple reason—we believe that defenders need and deserve tools and services that make achieving the benefits of threat-informed defense practical and sustainable.

OryxLabs

OryxLabs

OryxLabs provide advanced enterprise digital risk protection solutions. Learn more about how 24x7 continuous assessment, monitoring, and improvement can secure your network.

SecurityLoophole

SecurityLoophole

SecurityLoophole is an independent cyber security news platform with global coverage. Latest updates, reports, news and events related to cyber security.

rThreat

rThreat

rThreat is a cloud-based SaaS solution that challenges your cyber defenses using real-world and custom threats in a secure environment, ensuring your readiness for attacks.

Meta 1st

Meta 1st

Meta 1st are a progressive SAAS enterprise, dedicated to harnessing the power of AI to address the most critical vulnerabilities in the world of cybersecurity: the Human Layer.