BACKGROUND:

Please see below for comment by Cybersecurity experts on the news that Bangkok Airways suffered a data breach and refused to pay the ransom which resulted in the data being dumped online.

Experts Comments

September 01, 2021
Brooks Wallace
VP EMEA
Deep Instinct

Airlines have always been a popular target for cyber attacks due to a number of reasons. Each airline holds a vast amount of personal data on their passengers and employees which is an attractive benefit for cyber criminals looking to hold this information hostage as the basis for a second extortion demand, after initial encryption. Furthermore, the industry is well funded so possibility of the hackers receiving a very large financial payout is high. If a threat actor launches a successful

.....Read More

Airlines have always been a popular target for cyber attacks due to a number of reasons. Each airline holds a vast amount of personal data on their passengers and employees which is an attractive benefit for cyber criminals looking to hold this information hostage as the basis for a second extortion demand, after initial encryption. Furthermore, the industry is well funded so possibility of the hackers receiving a very large financial payout is high. If a threat actor launches a successful attack on an airline, there is the possibility that they could shut down the airline’s internal systems and ground flights altogether which would cause not only national mayhem, but have the possibility of causing global chaos. Lastly, the airline industry has been severely impacted by the pandemic and is only now starting to operate more frequent and fuller flights. This makes it especially vulnerable to any threat that could slow recovery.

When organisations pay a ransom demand, it doesn’t necessarily mean all their troubles are over. For example, an encryption key might be provided post-payment, but sometime later, there could be a separate threat to release sensitive data that has been exfiltrated during the initial attack. Double extortion is becoming increasingly prevalent. By not paying the ransom, Bangkok Airways have removed themselves from that additional pressure. There should be more encouragement for organisations not to pay ransoms, but in parallel, investment needs to be made in stopping the attack in the first place.

The best protection against attacks such as this one is a multi-layered approach using a variety of solutions. A “prevention-first” mindset is also key - attacks need to execute and run before they are picked up and checked to see if they are malicious, sometimes taking as long as 60 seconds or more. When dealing with an unknown threat, 60 seconds is too long to wait for an analysis. Organisations need to invest in solutions that use technology such as deep learning which can deliver a sub-20 millisecond response time to stop a ransomware attack, pre-execution, before it can take hold.

  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.