Security expert on AirAsia ransomware attack

The ransomware attack on AirAsia serves as a sobering reminder of the growing threat to critical infrastructure globally.

Flight tracking exposure irks billionaires and baddies. — © AFP

The Daixin Team has launched a ransomware attack on AirAsia, exposing 5 million records. The Daixin Team is a ransomware and data extortion group that has targeted various industrial sectors.

It is thought the Daixin Team demanded money in return for providing a decryption key, deleting all data it had exfiltrated, and informing AirAsia Group of the vulnerabilities that had been found and exploited.

The way the airline had configured its systems made this easy for the attackers. “The chaotic organization of the network, the absence of any standards, caused the irritation of the group and a complete unwillingness to repeat the attack,” the spokesperson for Daixin Team said. “The group refused to pick through the garbage for a long time. As our pentester said, ‘Let the newcomers sort this trash, they have a lot of time.’”

The statement continues: “The internal network was configured without any rules and as a result worked very poorly. It seemed that every new system administrator ‘built his shed next to the old building.’ At the same time, the network protection was very, very weak.”

Looking into the attack for Digital Journal is Stephan Chenette, Co-Founder and CTO at AttackIQ.

Chenette explains that airports and airlines appear to be a focal point for cybercriminals, noting: “Following last month’s large-scale distributed denial-of-service (DDoS) attack on U.S. airport websites, AirAsia has unfortunately become the most recent target for air travel-related attacks.”

The cyberattack also shows the risks that stem from multiple services being interconnected. Chenette notes: “The ransomware attack on AirAsia serves as a sobering reminder of the growing threat to critical infrastructure globally. In this case, the most significant result of the attack was the exposure of more than 5 million customer and staff records online.”

What is also of concern is the value of the impacted data. Chenette observes: “The exposure of personally identifiable information creates additional barriers to restoring the well-being and safety of customers and staff; access to sensitive information makes victims vulnerable to future fraud and scams.”

There are measures that can be taken and lessons to be learned from the attacks, according to Chenette. He explains these as: “To better prepare against the Daixin Team and other ransomware attacks, organizations must adopt a threat-informed cyber strategy using the MITRE ATT&CK framework. The framework’s catalog helps organizations understand common techniques and tactics used by the Daixin team and other common threat actors.”

It follows that: “Knowing the procedures used by the adversary helps inform organizations’ security programs and assists in building a more resilient proactive defensive and responsive security program.”

Chenette also recommends: “Using automated security solutions that safely validate organizations’ defensive controls against ransomware campaigns and threat actors will help the transportation industry combat the next ransomware threat.”

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist and an author. He is also interested in history, politics and current affairs.
