In response to the Malaysia Airlines website hack, Trey Ford, Global Security Strategist at Rapid7, has provided the following comment.
“It’s been a terrible year for Malaysia Airlines and a bad month so far for travel websites. A quick review of the timeline seems to validate Malaysia Airlines’ statement that the DNS was compromised. The Airline’s security response team would be able to piece together a timeline of events rather quickly; the investigation path on something like this is fairly straightforward, albeit reliant on third party participation from the Domain Registrar, a DNS provider, or others. I have no hesitation in believing the systems managed by the airline were not impacted or undermined in the course of this event.
Free Cyber Security Training! Join the revolution today!
“While embarrassing, this redirection is little more than a nuisance from an operational perspective. This strikes me as an attack of opportunity more than a focused compromise. Due to the simple ‘defacement page,’ overt announcement of the compromise, and lack of additional malice, I believe this was more a press stunt or redirection on the part of the attackers claiming to be Lizard Squad.”
By Trey Ford, Global Security Strategist, Rapid7
About Rapid7
The company offers advanced capabilities for vulnerability management, penetration testing, endpoint controls assessment, and incident detection and investigation. Its attacker intelligence is informed by more than 200,000 members of the Metasploit community, the industry-leading Rapid7 Research Labs, and its experienced security services team. Rapid7 is trusted by more than 3,000 organizations across 78 countries, including more than 250 of the Fortune 1000.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.