Something has been happening lately in the airline industry: there is a dramatic increase in the prevalence of high-profile cyber attacks, resulting in the loss of personal details of millions of passengers.
The latest major incident which we will focus on this time involved Cathay airlines.
Well… It’s actually not the most recent incident, as they failed to report it for more than 6 months after they found out they had been hacked.
An astonishing 9.4 million passenger records were taken. These records included names, ID numbers, and other details that passengers must provide in order to fly.
6 months after Cathay airlines discovered they had a leak in their systems, they finally decided to disclose it to the public and ask the police for help with the incident.
Not surprisingly, Hong Kong police were happy to help but found it to be a difficult and time-consuming task.
To make things even more suspicious, it took Cathay a long time before they started to reveal some details of the incident.
So why would Cathay hide details about an incident that affected more than 9 million people all around the globe?
We know that Cathay is considered to be a very advanced company that prioritises cyber security.
Based on comments from Cathay and their responses to the authorities in Hong Kong, we can estimate with a fair amount of confidence that the attack vector was email. While Cathay is not providing all of the details, looking at how their management talks about the number of viruses they are stopping and about email security, one can understand this is something that bothers them more than other things.
In similar incidents, such as the British Airways incident, details had to be reported within 72 hours because of laws and regulations. However, since Cathay is based in Hong Kong, they were not under these regulations, and took their time in notifying the public about the attack.
To make things more interesting, there have been several reports that cyber criminals have started approaching potential passengers and sending them phishing emails that look like they were sent from Cathay, in order to lure them into clicking and executing malware.
So, to sum up what happened: Cathay got hacked by several cyber attacks. It took 6 months until they decided to let the more than 9 million affected passengers know that someone stole their passport and other details.
Though Cathay announced in an official statement that they didn’t know that the details of the affected passengers were being abused, they released another statement warning the affected passengers that someone might be targeting them in the name of Cathay with phishing emails, trying to lure them into downloading malware or entering more personal details.
Cathay offered the affected passengers 1 year of complimentary dark web monitoring, so that they would be notified if their information appeared on the dark web. Unfortunately, passengers should be aware and remember that this means giving personal details to another 3rd party provider who might also have a security breach. So if you use offers from Cathay, use them with caution.
Airlines have sensitive data that is growing and changing constantly. Because of their size, these networks are a high-priority target for any intelligence agency or crime organisation that wants access to personal information.
Airlines should use more than just an antivirus, and should start complementing their security with proactive measures to predict threats and block them before they become breaches.
Stay tuned: in the future we will give more focus to trying to answer questions such as:
Is the increase in airline hackings because of a new government, or a crime organisation aiming at the airlines sector specifically?
Are there specific details the attackers are looking to get from these airlines?
There are many questions and even more possible answers.
Have a safe next flight and see you next time.
Don’t forget to visit www.cybercure.ai for the latest podcasts and cyber intelligence.