News has broken that United Airlines has been breached by the group of China-backed hackers believed to have been behind the Anthem breach. The airline detected the attack in May or early June, and among the data stolen are manifests including information on its flights’ passengers and their destinations. Experts from Tripwire, STEALTHbits, Securonix, Proficio, and Secure Channels commented on the breach of United Airlines.
Tim Erlin, Director of Security and Product Management at Tripwire:
“If investigators are accurate in attributing these attacks to the same group, they have amassed a vast database of information that could be used for multiple purposes, from economic espionage to political gain. How they connect these data points together will determine the outcome, but it’s clearly not good for the United States.
As is often the case early in a breach investigation, details on exactly how the attackers succeeded in penetrating United Airlines systems are unclear. It will likely be months before we know more, but it’s imperative that details are shared with other organizations so that we can collectively improve defenses.
As we’ve seen with other breaches, attackers are often resident inside an organization’s network for months before being detected. It’s clear that standard detection tools are simply not performing or not implemented correctly. Large companies and government agencies need to take a critical look at how they can identify what’s changing in their environment, and assess how those changes affect their security posture and attack surface.
The fact that this breach isn’t likely to require disclosure in most states, based on the current laws, should give the White House fuel to promote a national breach disclosure standard. There are few citizens who wouldn’t want to know if their data was included in this kind of breach.”
Kevin Foisy, Chief Software Architect and Co-Founder, STEALTHbits:
“When we see major infrastructure being attacked, it’s hard not to imagine a state sponsored connection. The Art of War, “know thy enemy” comes to mind when we consider the intelligence being captured. On the surface, there’s sensitive data loss, but the bigger picture is the know-how being gained in ongoing successful penetration of infrastructure. These are undoubtedly training grounds for the real attacks that could come in the event of war. Recent breaches in the area of finance and transportation should serve as a warning for the crippling effects of an e-attack to a technology dependent nation in a time of conflict.”
Jeff Hill, Channel Marketing Manager, STEALTHbits:
“More alarming than the increasing sophistication and effectiveness of cyber-attacks is the exploding diversity of motives. From disrupting the release of a movie at Sony, to a moral objection to an adultery website at Ashley Madison, gone are the days when hackers simply stole credit card numbers to make a quick buck. Can we now add international espionage to that list? Analyzing the travel habits of US government personnel can somewhat harmlessly provide insight into the development of new alliances or business partnerships, but can also be an invaluable tool in the never-ending effort by intelligence agencies to compromise those with access to classified information. Despite the sophistication of high tech satellites, ground-based signals collection and monitoring devices, and other technology, the best intelligence is still obtained from the mid-level government employee desperate to keep his overseas fling a secret.”
Stewart Draper, Director of Insider Threat at Securonix:
“Airlines are being attacked from all angles – their membership programs, reservations systems and even in-flight attempts to tamper with systems. The industry is going to have to quickly realize that they make up a critical part of infrastructure that appeals to nation states and hacktivist groups, and they need to do a better job hardening their systems. This is the second breach for United Airlines in the last 12 months and the FAA will need to prioritize industry level discussions around cyber security.
The hackers could have been trying to learn and establish routines of targets they already have data for from OPM and Anthem breaches as there is a lot less PII data available through commercial airlines.
Behavioral analytics can play a significant role in the speed of detection and remediation to a breach.”
John Humphreys, CMO, Proficio:
“The Chinese are systematically looting data from strategic government and business sources. If you have this type of data, chances are you are already compromised. Expect more shoes to drop.”
“This is also an example of a popular Doppelgänger Evil Twin attack where Chinese cyber criminals stand up a domain with a similar name to a corporate web site and then set up redirect links in partner web sites.”
Richard Blech, CEO and Co-Founder, Secure Channels:
“Hackers used their sophisticated technological tools to support their social engineering techniques, which fooled the unsuspecting humans. Hackers were able to see clear text data, but if said data had been encrypted, such human error would have no effect. Mechanisms for perimeter defense and detection / alerting are not sufficient. Best practices would have mandated a layered security, including encryption. The technology exists, United Airlines chose not to use it, and they failed Best Practices and their customers.”
Here’s what Dwayne Melancon, Chief Technology Officer, Tripwire, says you should do after the breach:
- “Immediately use Equifax, TransUnion or Experian to put a “freeze” on your credit. This will significantly reduce the risk that anyone can open new lines of credit in your name.
- Look into free credit monitoring and identity theft protection services. There’s no way to easily change the personal data stolen in this breach; it’s not like a credit card fraud. This means you’ll need to carefully monitor any changes to your finances. In addition, beware of any emails or calls regarding this incident as they are almost certainly fraudulent.
- Change the answers to “secret questions” used to validate your identity online, especially if they use personally-identifiable information as answers. Make up your own questions and answers, or use answers that are fictitious but memorable to you to prevent criminals from guessing their way into your online accounts.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.