Security expert on AirAsia ransomware attack


The Daixin Team has launched a ransomware attack on AirAsia, exposing 5 million records. The Daixin Team is a ransomware and data extortion group that has targeted various industrial sectors.

It is thought the Daixin Team demanded money in return for providing a decryption key, deleting all the data they had exfiltrated, and informing AirAsia Group of the vulnerabilities that had been found and exploited.

The way the airline had configured its systems made this easy for the attackers. “The chaotic organization of the network, the absence of any standards, caused the irritation of the group and a complete unwillingness to repeat the attack,” the spokesperson for Daixin Team said. “The group refused to pick through the garbage for a long time. As our pentester said, ‘Let the newcomers sort this trash, they have a lot of time.’”

The statement continues: “The internal network was configured without any rules and as a result worked very poorly. It seemed that every new system administrator ‘built his shed next to the old building.’ At the same time, the network protection was very, very weak.”

Looking into the attack for Digital Journal is Stephan Chenette, Co-Founder and CTO at AttackIQ.

Chenette explains that airports and airlines appear to be a focal point for cybercriminals, noting: “Following last month’s large-scale distributed denial-of-service (DDoS) attack on U.S. airport websites, AirAsia has unfortunately become the most recent target for air travel-related attacks.”

The cyberattack also shows the risks that stem from multiple services being interconnected. Chenette notes: “The ransomware attack on AirAsia serves as a sobering reminder of the growing threat to critical infrastructure globally. In this case, the most significant result of the attack was the exposure of more than 5 million customer and staff records online.”

What is also of concern is the value of the impacted data. Chenette observes: “The exposure of personally identifiable information creates additional barriers to restoring the well-being and safety of…