Now that the dust has settled on the November 2023 Boeing cyberattack, what lessons can be drawn for aviation specifically and for business more generally? It remains the case that Boeing is investigating claims of a LockBit ransomware attack, but the fact that ransomware penetrated the defenses of such a big company is concerning.
Ransomware groups use leak sites to threaten and ramp up pressure on their victims to pay a ransom. Targeted organizations are typically removed from leak sites when active negotiations are underway or a ransom is paid.
Weighing in on the matter is Ben Forster, Senior Director of Product at AttackIQ.
Forster begins his analysis by considering how such a big player as Boeing became impacted: “Boeing, a giant in the aviation industry, is investigating a cyber incident after the LockBit ransomware gang listed the company on its website.”
Part of the reason has to do with the sophistication of the malicious actor involved, as Forster notes: “Since LockBit operates under a RaaS model, there isn’t a standard intrusion playbook used by affiliates. Threat actors will leverage a wide variety of Tactics, Techniques, and Procedures (TTPs) in the initial stages of the attack.”
Returning to the attack specifics, Forster finds: “In this case, the cyberattack targeted parts of Boeing’s distribution business. However, the company stressed this cyber incident does not impact flight safety. It is unclear what data has been compromised and if any personally identifiable information (PII) was exploited.”
Forster is also concerned about why aviation is a regular target: “Boeing has been a target for cyberattacks in the past. In 2022, several DDoS attacks were launched against the company, and a Boeing-owned subsidiary suffered a cyberattack causing disruptions in flights.”
This extends across the industry: “The aviation industry as a whole seems to be a strong target for cyberattacks. In October alone, Air Europa and Air Canada both faced cyber incidents.”
In terms of concrete recommendations, Forster puts forward: “It is important for prominent actors in the aviation industry who deal with sensitive information and flight safety to develop a more proactive security approach. This preventative cybersecurity approach relies on a threat-informed cyber defense strategy.”
He also puts forward: “By studying the common tactics, techniques, and procedures (TTPs) used by common threat actors that target this industry, organizations can align their defenses to their threats, testing to see how their program responds. It is important that along with taking these precautions, organizations evaluate their existing security controls to uncover gaps that can be exploited further.”