United Airlines is the latest to fall victim to a data breach. The hackers stole flight manifests, which disclose information about passengers on the flight and their destinations. News reports are pointing fingers at hackers backed by China.
Some are attributing the attacks to the same group that attacked health insurer Anthem and U.S. Office of Personnel Management (OPM). In February, Anthem informed millions of its customers that hackers had gained access to the company’s computers, potentially stealing personal information of 80 million former and current customers. In June, OPM said a hack affecting its systems compromised the personal information of 21.5 million current and former federal workers.
Tim Erlin, director of IT security and risk strategy for advanced threat protection firm Tripwire, told us if investigators are accurate about whose behind the attacks, these bad actors have amassed a vast database of information that could be used for multiple purposes, from economic espionage to political gain.
A Strong Argument
“How they connect these data points together will determine the outcome, but it’s clearly not good for the United States,” Erlin said. “As is often the case early in a breach investigation, details on exactly how the attackers succeeded in penetrating United Airlines systems is unclear. It will likely be months before we know more, but it’s imperative that details are shared with other organizations so that we can collectively improve defenses.” United Airlines was not immediately available for comment.
As has happened with other breaches, attackers often hide inside an organization’s network for months before they’re detected, Erlin said. He argued that standard detection tools are simply not performing or are not implemented correctly. His advice: Companies and government agencies need to take a critical look at how they can identify what’s changing in their environments, and assess how those changes affect their security postures and attack surfaces.
“The fact that this breach isn’t likely to require disclosure in most states, based on the current laws, should give the White House fuel to promote a national breach disclosure standard,” Erlin said. “There are few citizens who wouldn’t want to know if their data was included in this kind of breach.”
Airlines Under Attack
Stewart Draper, director of insider threat at data analytics firm Securonix, told us airlines are being attacked from all angles — their membership programs, reservations systems and even via in-flight attempts to tamper with systems.
“The industry is going to have to quickly realize that they make up a critical part of infrastructure that appeals to nation states and hacktivist groups, and they need to do a better job to harden their systems,” Draper said. “This is the second breach for United Airlines in the last 12 months and the FAA will need to prioritize industry-level discussions around cybersecurity.”
From Draper’s perspective, the hackers could have been trying to learn more about the routines of the targets for whom they already have data from the OPM and Anthem breaches as there is a lot less personally identifying information available through commercial airlines. “Behavioral analytics can play a significant role in the speed of detection and remediation to a breach,” he said.
This entry passed through the Full-Text RSS service – if this is your content and you’re reading it on someone else’s site, please read the FAQ at fivefilters.org/content-only/faq.php#publishers.