Comment: Aircraft Manufacturers Bombardier Hit By Ransom Attack

The data belonging to the Canadian airplane manufacturer Bombardier published on a dark web portal operated by the Clop ransomware gang. The company responded by saying, “An initial investigation revealed that an unauthorized party accessed and extracted data by exploiting a vulnerability affecting a third-party file-transfer application, which was running on purpose-built servers isolated from the main Bombardier IT network“. The specific detail of the attack is not revealed by the company but it is believed that data belongs to Accellion FTA, a web server that can be used by companies to host and share large files that can’t be sent via email to customers and employees.

Experts Comments

February 25, 2021
Sam Curry
Chief Security Officer
Cybereason

The silver lining for Bombardier is that they can use the opportunity from this latest breach to invest more time in checking all entry points to systems and their global network, and hopefully root out any other suspicious activity. While small in nature, the alarms should be blaring for all companies because Bombardier has admitted that designs for airplanes and plane parts are now available for free on the dark web. Losing IP is devastating for companies and, in this case, don't be surprised

.....Read More

The silver lining for Bombardier is that they can use the opportunity from this latest breach to invest more time in checking all entry points to systems and their global network, and hopefully root out any other suspicious activity. While small in nature, the alarms should be blaring for all companies because Bombardier has admitted that designs for airplanes and plane parts are now available for free on the dark web. Losing IP is devastating for companies and, in this case, don't be surprised when China, Russia, and other nation-states use the stolen information for profit. Good for Accellion for urging its customers to migrate away from the vulnerable FTA web server that appears to have resulted in 100 companies being attacked and data stolen from 25 of them thus far. Accellion's transparency is commendable.

  Read Less
February 25, 2021
Lewis Jones
Threat Intelligence Analyst
Talion

But I changed the Accellion bit in the middle. Does it make sense? “Attackers exploiting known vulnerabilities is common place, which highlights why it is critical that organisations ensure they implement patches and updates in a timely manner. If this turns out to be related to the Accellion breach then the point of entry for the attacks was a 20-year-old legacy product named Accellion FTA which is widely used by businesses all over the world. Bombardier will be just one of many companies

.....Read More

But I changed the Accellion bit in the middle. Does it make sense? “Attackers exploiting known vulnerabilities is common place, which highlights why it is critical that organisations ensure they implement patches and updates in a timely manner. If this turns out to be related to the Accellion breach then the point of entry for the attacks was a 20-year-old legacy product named Accellion FTA which is widely used by businesses all over the world. Bombardier will be just one of many companies affected by the breach.

 

Ransomware operators often use the dark web to publish and sell information obtained from data leaks. Whilst the ransom can be paid, businesses have no guarantee that the data will be deleted and won't be published in the future.

  Read Less
February 25, 2021
Stephen Kapp
CTO and Founder
Cortex Insight

Bombardier looks to be the latest victim to be hit following the discovery of vulnerabilities in Accellion FTA software. Rather than exposing customer information, the attackers have shared Bombardier’s Intellectual Property which will have massive ramifications for the company. It is positive to see that Bombardier has come clean on the breach and the more the company communicates information to its shareholders, the better. The attack is another lesson on the dangers of not running security

.....Read More

Bombardier looks to be the latest victim to be hit following the discovery of vulnerabilities in Accellion FTA software. Rather than exposing customer information, the attackers have shared Bombardier’s Intellectual Property which will have massive ramifications for the company. It is positive to see that Bombardier has come clean on the breach and the more the company communicates information to its shareholders, the better. The attack is another lesson on the dangers of not running security scans on all assets used to share confidential information. Companies should be scanning for vulnerabilities across their entire IT estate as this will help minimise these types of attacks happening in the future.

  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.