Malaysian Airline Ransomware Attack

AirAsia, a budget airline that operates out of Malaysia, is dealing with the aftermath of a ransomware attack in which the personal data of 5 million passengers and employees of the low-cost carrier was stolen. Malaysian authorities are investigating the source and the overall impact, but so far have little usable evidence.

Investigations are continuing to find the source of a ransomware attack that compromised and stole the personal data of passengers and all employees of AirAsia, according to Malaysia’s Communications and Digital Ministry.

AirAsia is a multinational low-cost airline headquartered near Kuala Lumpur in Malaysia. It is the largest airline in Malaysia, and operates scheduled domestic and international flights to more than 165 destinations across 25 countries.

The cyber attacks took place on November 11th and 12th; samples of the stolen personal data were found leaked on the Dark Web approximately a week later. The posted samples contained varying degrees of sensitive information, including employees' personal data, passenger booking information and even photographs.

Shortly after the cyber attack, a hacker group known as the Daixin Team claimed responsibility. The gang is considered dangerous enough that the FBI and CISA have issued a joint alert about it. The group has been active since June 2022 and had previously targeted mainly healthcare and public health organisations. The Daixin Team is notable for entering organisations' networks through unpatched VPN vulnerabilities, a weakness that has become increasingly common since the COVID-19 pandemic prompted a rise in remote working and, with it, a greater reliance on Virtual Private Networks (VPNs). For a defender the practical lesson is the obvious one: an internet-facing VPN gateway is part of the attack surface and must be patched on the vendor's advisory cadence, not on the next maintenance window.

To add insult to injury, the cyber criminal gang announced that it would not bother to launch another attack on AirAsia because of how 'sloppy' the airline's internal organisation and management appeared.

The Daixin Team also claimed that breaching AirAsia was too easy given how weak the airline's network security and protection were, and that the group was disappointed by the lack of a challenge. The hackers sent AirAsia samples of the stolen personal data, but said they had stopped short of taking data from air traffic control-related and other sensitive airline applications whose compromise could cause physical harm.

The airline did respond to the attack and has engaged with the Daixin Team via chat. It says it has consistently rejected the group's attempts to negotiate a ransom amount, in line with its stated intention not to pay anything.

Investigation teams from the Personal Data Protection Department and CyberSecurity Malaysia have also been deployed since the attack, and began their probe with discussions on December 1st with Capital A, AirAsia's parent company. Early findings indicate that the cyber attack resulted from unauthorised access to the airline's systems.

Regardless of who was responsible for the cyber attack and how it was carried out, an incident of this kind further emphasises the need for all data users, AirAsia included, to continually strengthen their network security and protection.

There have been numerous attacks on both airlines and the public-facing portions of airport websites over the past five years. An attack in India earlier this year disrupted flight scheduling for several days, but did not prevent planes from flying. FedEx's air shipment service has also been hit by ransomware at least twice, but flight operations are not known to have been affected.

Sources: SimpleFlying, CPO Magazine, TEISS, Straits Times, TECSEC, CyberNews
