Bangkok Airways Hacked
-
- Expatriate
- Posts: 141
- Joined: Wed Sep 13, 2017 2:17 pm
- Reputation: 74
Bangkok Airways Hacked
FYI, got an email today from Bangkok Airways saying they were hacked.
Dear Valued Customer,
On 23 August 2021, we have discovered that we had been a victim of cybersecurity attack which resulted in unauthorized and unlawful access to our information system.
Upon such discovery, we immediately took action to investigate and contain such event, with the assistance of a leading cybersecurity firm. Currently, we are investigating, as a matter of urgency, to verify the compromised data and the affected passengers as well as taking relevant measures to strengthen our IT system.
We write to inform you now out of the greatest caution that this incident has exposed some of your personal data in our possession to be compromised by the attacker. From our investigation, the personal data that has been accessed are passenger name, family name, nationality, gender, phone number, email, address, contact information, passport information, historical travel information, partial credit card information, and special meal information. Please be assured that such incident does not affect the aviation security and we are still open for business as usual.
This incident has been reported to the Thai police and the relevant authorities. We will continue to update you about the progress on this incident as well as information on steps and proper measures you may take to protect yourself against such exposure.
As a preliminary protection measures, we recommend you contact your bank or credit card provider and follow their advice and change any compromised passwords as soon as you can. We also would like to caution you to be aware of any suspicious and unsolicited calls and/or emails, as the attacker may be claiming to be Bangkok Airways and attempt to gather your personal data by deception (known as 'phishing'). We will not be contacting any customers asking for credit card details and/or any financial details and any such requests should be reported to the police and relevant authorities.
We regret this incident has occurred and want to reassure you that our commitment to security and privacy of your personal data remains paramount. For further correspondence on this matter, please contact us via the following channels;
• Toll-free number 1800-010-171 (within Thailand) during 08.00hrs – 17.30hrs
• Toll number 800-8100-6688 (Overseas) during 08.00hrs – 17.30hrs (Thailand Time GMT+7)
• Email: [email protected]
Sincerely yours,
Bangkok Airways PCL.
-
- Expatriate
- Posts: 567
- Joined: Wed Jan 08, 2020 10:04 pm
- Reputation: 167
Re: Bangkok Airways Hacked
Updates:
https://simpleflying.com/bangkok-airways-cyber-attack/The airline said, “An initial investigation of the incident appeared to confirm that some of the personal data may have been accessed which are, passenger name, family name, nationality, gender, phone number, email, address, contact information, passport information, historical travel information, partial credit card information, and special meal information.”
Bangkok Airways reported the incident to the Royal Thai Police and continues to investigate the extent of the breach with a cybersecurity partner. A cybercriminal gang using LockBit ransomware has claimed responsibility for the attack. The gang issued a deadline (30th August), claiming it will release 103GB of compressed information if a ransom is not paid.
Bangkok Airways has clarified that the attack ‘did not affect the company’s operational or aeronautical security systems.’ The airline also said it is taking relevant measures to strengthen its IT systems.
-
- Expatriate
- Posts: 468
- Joined: Sat Mar 24, 2018 4:18 am
- Reputation: 140
Re: Bangkok Airways Hacked
I've never worried too much about LockBit attacks. Those operations are usually conducted by smaller teams with large nets. Most likely a couple of technicians who were taught how to use a script. Worse case scenario is a loss of data considering the data is already encrypted.
Now, if this was a serious breach, they would have collected the information and resold the high-value contact histories individually. There would have been little trace. More dangerous groups, may also use the high value leads name, family name, nationality, gender, phone number, email, address, contact information, passport information, historical travel information, partial credit card information, and special meal information to organise further hacks, kidnappings, corporate espionage, robberies, identity fraud and reselling to some bad governments that are willing to pay.
Those are the types of hacks I loose sleep over. I worry about those all the time.
Now, if this was a serious breach, they would have collected the information and resold the high-value contact histories individually. There would have been little trace. More dangerous groups, may also use the high value leads name, family name, nationality, gender, phone number, email, address, contact information, passport information, historical travel information, partial credit card information, and special meal information to organise further hacks, kidnappings, corporate espionage, robberies, identity fraud and reselling to some bad governments that are willing to pay.
Those are the types of hacks I loose sleep over. I worry about those all the time.
Re: Bangkok Airways Hacked
Where did Bangkok Airways claim the data was encrypted?ofparadise wrote: ↑Thu Sep 02, 2021 1:08 pm I've never worried too much about LockBit attacks. Those operations are usually conducted by smaller teams with large nets. Most likely a couple of technicians who were taught how to use a script. Worse case scenario is a loss of data considering the data is already encrypted.
-
- Expatriate
- Posts: 468
- Joined: Sat Mar 24, 2018 4:18 am
- Reputation: 140
Re: Bangkok Airways Hacked
That's how lockbit malware works. It crawls vulnerable networks, and once a certain criteria is met, data is automatically encrypted using a private key. Screenshots, meta,certain file contents are usually collected and forwarded by the malware to a remote server to offer proof to the victim.
The victim then has to pay the ransom in exchange for the private key which would allow them to regain access, decrypt to their locked files.
If the victim fails to pay up, the data is wiped.
If I was Bangkok Airways, I'd start looking at how the attack originated, and identifying how it got into the network in the first place and verify that no backdoors exist. This usually is very expensive for major companies as the core systems would have to taken offline and external experts need to be brought in.
It's usually priced, so it's cheaper to pay the ransom.
Public traded companies are prime targets.
- Jerry Atrick
- Expatriate
- Posts: 5450
- Joined: Sat May 17, 2014 4:19 pm
- Reputation: 3057
Re: Bangkok Airways Hacked
Happened to a former employer of mine's other business in Australia some years ago, it was fucking hilarious to watch; she had to pay them 20 Bitcoin iirc, which wasn't all that much at the time, before they let her back in to her email, accounts, the whole lot or it would be deletedofparadise wrote: ↑Thu Sep 02, 2021 2:14 pmThat's how lockbit malware works. It crawls vulnerable networks, and once a certain criteria is met, data is automatically encrypted using a private key. Screenshots, meta,certain file contents are usually collected and forwarded by the malware to a remote server to offer proof to the victim.
The victim then has to pay the ransom in exchange for the private key which would allow them to regain access, decrypt to their locked files.
If the victim fails to pay up, the data is wiped.
If I was Bangkok Airways, I'd start looking at how the attack originated, and identifying how it got into the network in the first place and verify that no backdoors exist. This usually is very expensive for major companies as the core systems would have to taken offline and external experts need to be brought in.
Re: Bangkok Airways Hacked
But that's not what Bangkok Airways states. They state data has been stolen, and a ransom is asked for not releasing it.ofparadise wrote: ↑Thu Sep 02, 2021 2:14 pmThat's how lockbit malware works. It crawls vulnerable networks, and once a certain criteria is met, data is automatically encrypted using a private key. Screenshots, meta,certain file contents are usually collected and forwarded by the malware to a remote server to offer proof to the victim.
The victim then has to pay the ransom in exchange for the private key which would allow them to regain access, decrypt to their locked files.
-
- Expatriate
- Posts: 468
- Joined: Sat Mar 24, 2018 4:18 am
- Reputation: 140
Re: Bangkok Airways Hacked
I don't put too much stock into press releases. PR's are for reputation management.
These links may provide you with more information.
An overview of the recent attacks:
- https://apt.thaicert.or.th/cgi-bin/show ... 20Gang&n=1
- https://threatpost.com/lockbit-ransomwa ... ly/168746/
Almost all the Lockbit affiliates threaten to release info to the public. Most of the time, that never
happens. In fact, a bigger concern is a a decryption key that does not work and repeat attacks.
Releasing data on onion sites (darkweb) comes with risks. It's easier to hold 20 companies ransom, and cut your losses as soon as crypto is sent.
These links may provide you with more information.
An overview of the recent attacks:
- https://apt.thaicert.or.th/cgi-bin/show ... 20Gang&n=1
- https://threatpost.com/lockbit-ransomwa ... ly/168746/
Almost all the Lockbit affiliates threaten to release info to the public. Most of the time, that never
happens. In fact, a bigger concern is a a decryption key that does not work and repeat attacks.
Releasing data on onion sites (darkweb) comes with risks. It's easier to hold 20 companies ransom, and cut your losses as soon as crypto is sent.
-
- Similar Topics
- Replies
- Views
- Last post
-
- 0 Replies
- 1055 Views
-
Last post by yong
-
- 11 Replies
- 4678 Views
-
Last post by Cowshed Cowboy
-
- 6 Replies
- 2051 Views
-
Last post by Alex
-
- 5 Replies
- 3522 Views
-
Last post by Freightdog
-
- 1 Replies
- 814 Views
-
Last post by Kammekor
-
- 0 Replies
- 850 Views
-
Last post by yong
-
- 5 Replies
- 1596 Views
-
Last post by Doc67
Who is online
Users browsing this forum: Clutch Cargo and 386 guests