Boeing, the renowned aircraft manufacturer, has confirmed it is responding to a cyberattack affecting its parts and distribution business. The incident came to light after a notorious ransomware group, LockBit, added Boeing to its list of victims. The company is actively investigating the situation and collaborating with law enforcement and regulatory authorities, and it said the cyber incident does not pose a threat to flight safety.
Although Boeing declined to comment on whether it would consider paying a ransom, it did communicate with its customers and suppliers about the situation. During the incident, at least one web domain linked to Boeing's business displayed a message citing technical issues, raising concerns about potential cyberattack-related disruptions. However, other parts and distribution sites seemed to be operating normally.
LockBit had initially added Boeing to its leak site on October 27, giving the company less than a week to respond to its threats. While the gang did not disclose the extent of data stolen, Boeing was eventually removed from the leak site, and reports suggest negotiations with LockBit members were ongoing.
Boeing, a multinational corporation with over $66 billion in revenue from aircraft equipment, missiles, satellites, and more, has faced several security incidents in recent years. Pro-Russian hacking groups targeted the company with distributed denial-of-service (DDoS) attacks in December 2022, and subsidiary Jeppesen experienced a cybersecurity incident causing flight disruptions in November 2022.
Boeing also dealt with the WannaCry virus in 2018 but managed to recover swiftly, with minimal impact on its programs. The aviation industry remains a prime target for cyberattacks, with recent incidents affecting airlines like Air Canada and Air Europa. Similarly, the Querétaro Intercontinental Airport recently confirmed a cyberattack by the same LockBit ransomware group that targeted Boeing.
Jim Doggett, CISO, Semperis, provided insights for fellow CISOs on the incident and how organizations can help mitigate the possibilities of becoming a similar victim:
"This latest ransomware attack is yet another reminder that even the largest organizations in the world are being victimized by the ransomware scourge. With certainty, Boeing employs some of the best security threat analysts and incident responders, with deep understanding and knowledge of threats and common infection points in networks. And yet, motivated and persistent criminals are successfully finding gaps in even the most secure organizations.
The bottom line is that you can’t pay your way out of ransomware.
The good news is that solutions and strategies, when applied properly in advance, help combat these heartless and calculated attacks. Organizations should focus on the resiliency of their systems: hardening the critical systems before an attack, implementing measures to identify and stop attacks before they do significant damage and making sure they can recover quickly after an attack.
Additionally, companies need to know what their critical systems are (including infrastructure such as Active Directory) before attacks occur. It would be beneficial to run tabletop exercises that simulate critical systems’ recovery before an incident occurs. While cyberattacks that expose sensitive data are jarring, defenders can make their organizations so difficult to compromise that adversaries look for other companies to attack. Organizations should also regularly conduct security awareness training, adopt an around-the-clock threat hunting program, monitor for unauthorized changes occurring in their Active Directory environment, which threat actors use in most attacks - and have real-time visibility to changes to elevated network accounts and groups."