Comment: Aircraft Manufacturers Bombardier Hit By Ransom Attack

By ISBuzz Team
Writer, Information Security Buzz | Feb 25, 2021 04:46 am PST

Data belonging to the Canadian airplane manufacturer Bombardier has been published on a dark web portal operated by the Clop ransomware gang. The company responded by saying, “An initial investigation revealed that an unauthorized party accessed and extracted data by exploiting a vulnerability affecting a third-party file-transfer application, which was running on purpose-built servers isolated from the main Bombardier IT network”. The company has not revealed the specific details of the attack, but it is believed that the data came from Accellion FTA, a web server that companies can use to host and share large files that can’t be sent via email to customers and employees.

Sam Curry, Chief Security Officer
February 25, 2021 12:50 pm

The silver lining for Bombardier is that they can use the opportunity from this latest breach to invest more time in checking all entry points to systems and their global network, and hopefully root out any other suspicious activity. While small in nature, the alarms should be blaring for all companies because Bombardier has admitted that designs for airplanes and plane parts are now available for free on the dark web. Losing IP is devastating for companies and, in this case, don’t be surprised when China, Russia, and other nation-states use the stolen information for profit. Good for Accellion for urging its customers to migrate away from the vulnerable FTA web server that appears to have resulted in 100 companies being attacked and data stolen from 25 of them thus far. Accellion’s transparency is commendable.

Lewis Jones, Threat Intelligence Analyst
February 25, 2021 12:49 pm

But I changed the Accellion bit in the middle. Does it make sense? “Attackers exploiting known vulnerabilities is commonplace, which highlights why it is critical that organisations ensure they implement patches and updates in a timely manner. If this turns out to be related to the Accellion breach then the point of entry for the attacks was a 20-year-old legacy product named Accellion FTA which is widely used by businesses all over the world. Bombardier will be just one of many companies affected by the breach.

Ransomware operators often use the dark web to publish and sell information obtained from data leaks. Whilst the ransom can be paid, businesses have no guarantee that the data will be deleted and won’t be published in the future.

Stephen Kapp, CTO and Founder
February 25, 2021 12:47 pm

Bombardier looks to be the latest victim to be hit following the discovery of vulnerabilities in Accellion FTA software. Rather than exposing customer information, the attackers have shared Bombardier’s Intellectual Property which will have massive ramifications for the company. It is positive to see that Bombardier has come clean on the breach and the more the company communicates information to its shareholders, the better. The attack is another lesson on the dangers of not running security scans on all assets used to share confidential information. Companies should be scanning for vulnerabilities across their entire IT estate as this will help minimise these types of attacks happening in the future.
