Airbus is currently investigating a security breach after a hacker, going by the online alias 'USDoD,' claimed to have infiltrated the company's systems. This revelation came via cybersecurity intelligence firm Hudson Rock, which reported that the hacker had boasted about the intrusion on a cybercrime forum earlier this month.
Previously, 'USDoD' had claimed responsibility for hacking into the FBI's InfraGard database, containing sensitive information about 80,000 individuals, including business leaders, IT professionals, and government officials.
In this latest incident, the hacker asserted that they had stolen personal data from 3,200 individuals associated with Airbus vendors, including Rockwell Collins and Thales. The compromised data includes names, job titles, addresses, email addresses, and phone numbers.
The attacker claimed to have gained entry to Airbus systems through a compromised account belonging to an employee of a Turkish airline, a detail that Airbus has since confirmed. Hudson Rock's investigation revealed that the hacker likely obtained the airline employee's credentials for Airbus systems by using malware.
Information-stealing malware is known to harvest large volumes of credentials from infected devices, which are then sold to other malicious actors. In this case, the investigation suggests that the employee's device was likely infected with RedLine malware after downloading a pirated version of .NET. Samantha Humphries, Senior Director of International Security Strategy at Exabeam, shared her thoughts on the attack and on what organizations can do to prepare so they do not become a similar victim:
“Supply chain attacks are a breed of insider threat that all organisations need to be planning for, as they are often a much easier route for cybercriminals to penetrate or circumnavigate defences. Whilst the devil is in the contractual detail, realistically security leaders must play a part in due diligence discussions around supplier risk, but also implement processes and monitoring to ensure they can detect and respond to supply chain attacks. This is ultimately part of the cost of doing business, and should be seen as a business enabler, as well as a key focus from a risk and compliance perspective.
“Unfortunately, these types of attacks continue to be successful routes of income for adversaries; therefore proper preparation, including tabletop exercises, credential monitoring, and breach response planning, needs to include third- and fourth-party supplier considerations.”
Hudson Rock also emphasized the significance of credentials obtained through info-stealing malware, as they often serve as easy entry points for threat actors into companies, enabling data breaches and ransomware attacks. The firm regularly analyzes data collected by info-stealing malware, which has even been observed stealing the credentials of accounts on hacker forums.
Airbus responded to the incident, stating that it is actively investigating the cyber event, in which an IT account associated with an Airbus customer was compromised. This account was used to download business documents intended for the customer from an Airbus web portal. Immediate remedial measures have been taken to secure the company's systems further.