Malaysian Airline Ransomware Attack
AirAsia, a budget airline that operates out of Malaysia, is dealing with the aftermath of a ransomware attack that saw the personal data of 5 million passengers and employees of the low-cost carrier stolen. Malaysian authorities are investigating the source and the overall impact, but so far don’t have much usable evidence.
Investigations are continuing to find the source of a ransomware attack that compromised and stole the personal data of passengers and all employees of AirAsia, according to Malaysia’s Communications and Digital Ministry.
AirAsia is a multinational low-cost airline headquartered near Kuala Lumpur in Malaysia. It is the largest airline in Malaysia and operates scheduled domestic and international flights to more than 165 destinations across 25 countries.
The cyber attacks happened on November 11th and 12th, and samples of the stolen personal data were found leaked to the Dark Web approximately a week later. The posted samples contained varying degrees of sensitive information, such as employees' personal data, passenger booking information, and even photos.
Shortly after the cyber attack, a hacker group known as the Daixin Team claimed responsibility. The gang is dangerous, and the FBI and CISA have sent out an alert. The group has been active since June 2022, although it had previously targeted only health care and public health facilities. The “Daixin Team” is notable for entering organisations' networks through unpatched VPN vulnerabilities, a cyber security weakness that has become increasingly common since the COVID-19 pandemic prompted an increase in remote working and, with it, an increased need for Virtual Private Networks (VPNs).
To add insult to injury, the cyber criminal gang announced that they would not want to launch another attack on AirAsia due to how 'sloppy' its internal organisation and management appeared.
The Daixin Team also alleged that breaching AirAsia was too easy given how weak the airline's network security and protection were, and the cybercriminal group was disappointed at the lack of a challenge. The hacker group sent AirAsia samples of the stolen personal data but added that they stopped short of stealing air traffic control-related and other sensitive airline applications that could cause physical harm.
The airline did respond to the attack and has engaged with the Daixin Team via chat, and says that it has continuously rejected attempts to negotiate the ransom amount, highlighting its stated intention not to pay any amount.
Investigation teams from the Personal Data Protection Department and Cybersecurity Malaysia have also been deployed since the attack, and they started their probe by having discussions with Capital A on December 1st. Early investigations showed that the cyber attack was caused by unpermitted access into the airline's system.
Regardless of who was responsible for the cyber attack and how it could have happened, such an attack further emphasises the need for all data users, such as AirAsia, to consistently strengthen their network security and protection.
There have been numerous attacks on both airlines and the public-facing portion of airport websites over the past five years. An attack in India earlier this year disrupted flight scheduling for several days, but did not prevent planes from flying. FedEx’s air shipment service has also been hit by ransomware attacks at least twice, but flight operations are not known to have been impacted.
Sources: SimpleFlying, CPO Magazine, TEISS, Straits Times, TECSEC, CyberNews