According to a statement published by SITA immediately after noticing the attack, “this attack was sophisticated and focused on stealing passengers’ information from all our affiliate airlines since we share this kind of information across the different players.” The alliance collaborates with major airlines including Finnair, Malaysia Airlines, Singapore Airlines, Air China, Swiss, Air Canada, Lufthansa, Jeju Air (South Korean), United, and others.
Though not much information was provided concerning the attack, SITA notified its members that “the attackers focused on accessing clients’ names, their membership numbers, and tier status in some instances.” The statement continued, “we have notified all the affected persons about the attack and imposed all necessary precautions to control the attack.”
This attack was immense, as it spread across multiple airlines and exposed several thousand passengers’ information. For instance, Finnair commented that more than 200,000 passengers’ data had been accessed, especially that of passengers who board its planes frequently. Another airline, Singapore Airlines, raised an alarm that the attack had impacted its PPS members and KrisFlyer data. About 580,000 members’ information was impacted during the compromise, as the airline shares the information with other Alliance airlines. This means that the attack impacted almost all Alliance members, because data is exchanged across the different member airlines served by the umbrella organization, SITA.
The attackers are linked to the attacks that happened between 2010 and 2019 on Malaysia Airlines’ servers where its “Enrich frequent flyer data” was accessed.
According to the US-based company, commenting on the February 24 attack, its servers store a wide range of customer information. The attackers targeted its Passenger Service System servers, whose mandate is to process passenger systems for many airlines. It stressed that “all organizations that have been affected by the attack were notified, as well as their passengers.” The good news is that “customers’ client card information, reservations, itineraries, ticketing, email addresses, and membership passwords were not affected as the organization doesn’t share this kind of information with other member airlines for data transfer.”
The attack comes as IT experts argue that more targeted attacks are expected in the future, as cyber-criminals seem more active than ever before. According to one of the founders of Cyberpion, Ran Nahmias, modern IT is at risk, especially when supply chains become a common factor in marketing across different sectors. He stressed the need to have robust strategies for monitoring and managing modern attacks. He said, “there’s a need to monitor crucial risks for encryption, cloud providers, Vector-associated DNS management, and certification as the existing IT seems not prepared to handle these kinds of attacks.” He added that failure to have practical cooperation across the different ecosystem players makes it easier for attackers to identify vulnerabilities and further exploit them, as witnessed through the SITA attack. This means that companies that handle big data are at much greater risk, as attackers target such organizations, probably to harvest as much client information as possible.
The magnitude of this attack forced SITA to bring in outside IT experts to combat its further execution, as the situation needed to be monitored closely to prevent the attack from causing “more damage.” Expressing concern about how COVID-19 has multiplied security threats globally, the statement said that “hackers and cybercrime have become more common headlines than before.” It added that cyber-criminals are now sophisticated and continue to pose a threat to nearly all industries affiliated to IT.