Malaysian Airline Ransomware Attack

Uploaded on 2022-12-22 in BUSINESS-Services-Transport & Travel, FREE TO VIEW, NEWS-Cybersecurity News

AirAsia, a budget airline that operates out of Malaysia, is dealing with the aftermath of a ransomware attack that saw the personal data of 5 million passengers and employees of the low-cost carrier stolen.  Malaysian authorities are investigating the source and the overall impact, but so far don’t have much usable evidence.

Investigations are continuing to find the source of a ransomware attack that compromised and stole the personal data of passengers and all employees of AirAsia, according to Malaysia’s Communications and Digital Ministry.

AirAsia is a multinational low-cost airline headquartered near Kuala Lumpar in Malaysia. It is the largest airline in Malaysia, and operates scheduled domestic and international flights to more than 165 destinations across 25 countries.

The cyber attacks happened on November 11th and 12th when samples of the stolen personal data were found leaked to the Dark Web approximately a week later. The posted samples contained varying degrees of sensitive information, such as employees' personal data, passenger booking information, and even photos.

Shortly after the cyber attack, a hacker group known as the Daixin Team claimed responsibility and the gang is dangerous and the FBI and CISA has sent out an alert. The group has been active since June 2022, although previously has only targeted health care and public health facilities. The “Daixin Team” is notable for entering organisations networks through unpatched VPN vulnerabilities, a cyber security weakness that has become increasingly common since the COVID-19 pandemic prompted an increase in remote working, which prompted an increased need for Virtual Private Networks (VPNs).

To add insult to injury, the cyber criminal gang announced that they would not want to launch another attack on AirAsia due to how 'sloppy' its internal organisation and management appeared. 

The Daixin Team also alleged that breaching AirAsia was too easy given how weak the airline's network security and protection was, and the cybercriminal group was disappointed at the lack of a challenge. The hacker group sent AirAsia samples of the stolen personal data but added that they stopped short of stealing air traffic control-related and other sensitive airline applications that could cause physical harm.

The airline did respond to the attack and has engaged with the Daixin Team via chat, and says that it has continuously rejected attempts to negotiate the ransom amount, highlighting its stated intention not to pay any amount. 

Investigation teams from the Personal Data Protection Department and Cybersecurity Malaysia have also been deployed since the attack, and they started their probe by having discussions with Capital A on December 1st. Early investigations showed that the cyber attack was caused by unpermitted access into the airline's system. 

Regardless of who was responsible for the cyber attack and how it could have happened, such an attack further emphasises the need for all data users, such as AirAsia, to consistently strengthen their network security and protection.

There have been numerous attacks on both airlines and the public-facing portion of airport websites over the past five years. An attack in India earlier this year disrupted flight scheduling for several days, but did not prevent planes from flying. FedEx’s air shipment service has also been hit by ransomware attacks at least twice, but flight operations are not known to have been impacted.

SimpleFlying:    CPO Magazine:    TEISS:      Straits Times:   TECSEC:      CyberNews

You Might Also Read: 

Cyber Security At Schiphol Airport Is Ineffective:

 

« Britain’s Free Cyber Security Service
Guardian Newspaper Suffers A Large Scale Ransomware Attack »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Qufaro

Qufaro

Qufaro is a new initiative designed to make it simpler for those with career ambitions in cyber security to access the UK’s cyber-specific education and innovation opportunities.

Cyber Army Indonesia (CyberArmyID)

Cyber Army Indonesia (CyberArmyID)

Cyber Army Indonesia (CyberArmyID) is the first platform in Indonesia to collect and validate reports from hackers (referred to as Bug Hunter) regarding vulnerabilities that exist in an organization.

Cylus

Cylus

Cylus, a global leader in rail cybersecurity, helps rail and metro companies avoid safety incidents and service disruptions caused by cyber-attacks.

Hardenite

Hardenite

Hardenite solution helps R&D, DevOps and IT teams to continuously manage security risks and hardening efforts of any Linux OS – based product, throughout the product life cycle.

HackHunter

HackHunter

HackHunter’s passive sensor network continuously monitors, detects and alerts when a malicious WiFi network and/or hacking behaviour is identified.

CNS Group

CNS Group

CNS Group provides industry leading cyber security though managed security services, penetration testing, consulting and compliance.

Cyber Security Operations Consulting (CyberSecOp)

Cyber Security Operations Consulting (CyberSecOp)

CyberSecOp is an ISO 27001 Certified Organization which provides cyber security operations services and risk management consulting.

Airgap Networks

Airgap Networks

Airgap is fixing the fundamental flaw of excessive trust. We help enterprises modernize their network for a simple and secure infrastructure.

Inversion6

Inversion6

Inversion6 (formerly MRK Technologies) is a cybersecurity risk management provider that offers custom security solutions.

Fusion Cyber

Fusion Cyber

Fusion Cyber educates students in Zero Trust Risk Management, Defense, and Cyber Offense that lead to taking industry-accepted cybersecurity certifications.

Hush

Hush

Hush is a premium privacy service that gives people unprecedented visibility and control of their digital footprint. Hush assesses threats, and goes to work to eliminate digital risks on your behalf.

VulnCheck

VulnCheck

VulnCheck helps organizations outpace adversaries with vulnerability intelligence that predicts avenues of attack with speed and accuracy.

Anura

Anura

The world’s most accurate ad fraud solution protects your web assets by eliminating bots, malware and human fraud, ensuring your content is seen by real people.

Blue Bastion

Blue Bastion

Don’t give cybercriminals the chance to find weaknesses in your company’s cyber security system. Defend your institution from all attacks from all directions with Blue Bastion.

Getvisibility

Getvisibility

Getvisibility enables customers to detect, classify and protect sensitive information increasing data security, governance, compliance and lowering the risk of losing valuable data.

RevEng.AI

RevEng.AI

RevEng.AI is designed to rigorously validate the integrity of software supply chains at a binary level, ensuring uncompromising security and trustworthiness in digital ecosystems.