HELLFIRE
MVM
join:2009-11-25

6 recommendations

Airline IT provider confirms passenger data leaked after major 'cyber-attack'

»www.theregister.com/2021 ··· rovider/
»www.sita.aero/pressroom/ ··· ncident/
quote:
Not that many planes are taking off these days, but that didn’t stop the flight of passenger records from servers belonging to aviation tech supplier SITA after it was hit by a "cyberattack". In a public disclosure, the Swiss outfit confirmed it had last month fallen victim to a wide-ranging data security incident that ensnared passengers from some of the world’s largest airlines. SITA didn’t elaborate on the nature or extent of the attack, other than to describe it as “highly sophisticated but limited.” According to its own disclosure, the attackers obtained passenger records from servers hosted in an Atlanta, Georgia data centre operated by an American subsidiary.
So, is this an "Ooops" or an "Oh S**T!" moment?

4W1H postmortem please, if only to learn and improve from this.

Regards

Blackbird
Built for Speed
Premium Member
join:2005-01-14
Fort Wayne, IN

6 recommendations

said by HELLFIRE:

quote:
...SITA didn’t elaborate on the nature or extent of the attack, other than to describe it as “highly sophisticated but limited.” ...

Hmm. Perhaps it really was such an attack... but OTOH, can you picture a CYA 'public disclosure' from one of these hacked outfits stating what too often may be the actual story: "it was an ordinary attack that we had simply failed to properly protect against and which may have compromised everything we have"? Instead, these are almost always described as if the attack was engineered by highly-trained operatives with alien-level technology, but thanks to a sharp-eyed staff and clever protective measures, the attack was nipped in the bud with only modest data leakage.

Snowy
Lock him up!!!
Premium Member
join:2003-04-05
Kailua, HI

5 recommendations

said by Blackbird:

"it was an ordinary attack..."

At least in my own experience there are 2 departments that have control over IT Security.
1. Public Relations
2. Legal

Nothing goes public without the approval/consent/input of PR & Legal.

Mandatory disclosures at the Federal level could offer a more accurate picture of current breaches.
After all, as Blackbird pointed out, if all these breaches are indeed zero day or highly sophisticated or state sponsored it sends the message that it is useless to defend IT and that IT Security is based on the luck of the draw -

Meaningful, factual & verified mandatory breach disclosures would dramatically improve the IT Security landscape - especially among those companies that currently consider the cost of a breach just another cost of doing business with PR & Legal taking control of the public discussion.

/PR-Legal rant.

ashrc4
Premium Member
join:2009-02-06
australia

1 edit

3 recommendations

said by Snowy:

Meaningful, factual & verified mandatory breach disclosures would dramatically improve the IT Security landscape - especially among those companies that currently consider the cost of a breach.....

With the Goldilocks principle of not too soon, not too late, every person has patched (or at least been able to mitigate) conundrum.
Mandatory reporting of breaches still should require immediate notification of a suspected breach before their legal teams fudge evidence/detailed nature of intrusions too.
Perhaps it should be scaled on the level of importance from data held or importance of falling into the wrong hands or malicious capacity to cause harm type of overview categorisation it dictates and/or combination with sophistication of attack (i.e. replication potential elsewhere).
ashrc4

1 edit

4 recommendations

ashrc4 to Blackbird

said by Blackbird:

said by HELLFIRE:

quote:
...SITA didn’t elaborate on the nature or extent of the attack, other than to describe it as “highly sophisticated but limited.” ...

Hmm. Perhaps it really was such an attack... but OTOH, can you picture a CYA 'public disclosure' from one of these hacked outfits stating what too often may be the actual story: "it was an ordinary attack that we had simply failed to properly protect against and which may have compromised everything we have"? Instead, these are almost always described as if the attack was engineered by highly-trained operatives with alien-level technology, but thanks to a sharp-eyed staff and clever protective measures, the attack was nipped in the bud with only modest data leakage.

This type of reporting leads to speculation that monitoring systems are necessary and/or daily code evaluations will become the norm.
Categorization of importance a system holds might need a policy of hardware and system function, i.e. valid offline backups mandate.
How many stories have we had that sophisticated actors broke in in recent times yet only minimal intrusion occurred? If we look at the SolarWinds intrusion method then it doesn't take much to consider unthought-of persistent backdoors being a real possibility. It wasn't really a gone in 60 seconds security type of deal as they were all fingerprinted and traceable.
Most of the line being toed leads to systematic change or are we talking only about embarrassment/money being their issue?