[Security Weekly] Major Airlines Suffer Data Breaches From Supply Chain Attack via IT Provider SITA


1st Week of March 2021


1. Major airlines suffer data breaches from supply chain attack via IT provider SITA

SITA, an IT giant specialized in providing services to the air transportation industry, has suffered a cyberattack that enabled the hackers to breach a number of commercial airlines, including Malaysia Airlines, Singapore Airlines, Finnair, and Jeju Air. With over 2,800 customers ranging from airlines to airports, the company serves 90% of the airline industry.

SITA confirmed the cyberattack on February 24 and began notifying the affected airlines over the following week. Among the victims, Malaysia Airlines was one of the first to report that the data of all Enrich loyalty program members who registered between March 2010 and June 2019 had been compromised. This included their names, dates of birth, phone numbers, email addresses, and membership information.

Singapore Airlines followed soon after, disclosing that the membership information of about 580,000 members of its KrisFlyer and PPS Club loyalty programs had been compromised. Even though Singapore Airlines was not a direct customer of SITA, it had to share its membership information with Star Alliance so that mileage accumulated with alliance members could be credited. At least one Star Alliance member airline was reportedly a SITA customer.

SITA has not yet revealed exactly how many other airlines were affected. Experts are concerned because customer data from airlines can easily be used for phishing and identity theft.

From SolarWinds to Accellion FTA, supply chain attacks are becoming increasingly popular as hackers compromise a single service provider to gain access to a large number of its customers. To enhance protection against application vulnerabilities, adopt a logic-based web application firewall like WAPPLES to effectively mitigate zero-day exploitation.

Sources: TechCrunch, Threatpost, ZDNet


2. Microsoft Exchange Server zero-day flaws exploited by Chinese state hackers

On March 2, Microsoft published a blog post warning Microsoft Exchange Server customers of a cyberattack led by Hafnium, a sophisticated Chinese state-backed hacker group.

The attackers exploited four zero-day vulnerabilities, one of which was exploitable remotely without any credentials. This allowed the hackers to easily install malware on the servers and use them as a foothold to reach surrounding systems. The attack affected Exchange Server 2013, 2016, and 2019. Exchange Online, the cloud-hosted service, was not impacted.

Despite lacking hard evidence, the Microsoft Threat Intelligence Center confidently attributed the attacks by analyzing the intrusion methods and tactics used. All four vulnerabilities have now been patched, and Microsoft urges all customers to install the latest updates. The US Department of Homeland Security also issued a warning directing all government agencies to watch for signs of intrusion.

Sources: CNN, SC Media


3. Ursnif Trojan found to have attacked more than 100 Italian banks

On March 2, researchers at Avast Threat Labs revealed in a blog post that they had recently found over 100 banks in Italy targeted by the infamous Ursnif banking Trojan.

Active since 2007, Ursnif has gradually evolved into sophisticated malware based on self-developed code. Its operators commonly use email phishing campaigns impersonating banks or merchants to spread the malware onto victims' computers.

In this recent campaign, at least 100 Italian banks were attacked. In one of the attacks, over 1,700 sensitive credentials were stolen from an undisclosed payment processor. The credentials included usernames, passwords, credit card numbers, bank account information, and payment details. Avast immediately informed the respective banks and payment processors to protect the affected customers.

Sources: Avast, Bank Info Security


4. World’s largest dairy firm Lactalis faces cyberattack

Groupe Lactalis SA, the largest dairy firm in the world and the second-largest food company in France after Danone, disclosed that it was hit by a cyberattack in which intruders gained access to its internal IT systems. With products sold in over 100 countries, the company owns brands such as Président, Parmalat, and Stonyfield Farm.

On February 26, the company publicly revealed that a number of computers on its internal network had been breached by hackers. It then shut down the affected IT systems and called in cybersecurity experts. So far, the company has reported no breach of sensitive customer or employee data.

Sources: Bleeping Computer, Dairy Reporter


Check out Penta Security’s product lines:

Web Application Firewall: WAPPLES

Database Encryption: D’Amo

Identity and Access Management: ISign+

Car, Energy, Factory, City Solutions: Penta IoT Security