Cyberattacks on airlines always seem to have a hard landing. The recent victim of airline attacks is Thailand-based Bangkok Airways. The airline company admitted that it suffered a security incident that disrupted its IT operations and compromised its users’ data. However, the incident did not affect its operational or aeronautical security systems.
The initial investigation revealed that attackers illicitly accessed customers’ personal data, including passenger name, family name, nationality, gender, phone number, email, address, contact information, passport information, historical travel information, partial credit card information, and special meal information.
While Bangkok Airways did not reveal the perpetrator of the attack, the incident has been reported to the Royal Thai police for further investigation.
“The company highly recommends passengers to contact their bank or credit card provider and follow their advice and change any compromised passwords as soon as possible. The company also alerted passengers to be aware of any suspicious or unsolicited calls and/or emails, as the attacker may claim Bangkok Airways and attempt to gather personal data by deception. Bangkok Airways will not be contacting any customers asking for credit card details and any such requests. In case of such event occurs, passengers should take legal actions,” Bangkok Airways said in a statement.
Is LockBit Group involved?
Several security experts suspect that the LockBit ransomware gang is behind this attack. A dark web criminal intelligence and investigation platform, DarkTracer, stated that operators behind LockBit ransomware have purportedly stolen 103GB worth of files from Bangkok Airways.
[ALERT] LockBit ransomware gang has announced Bangkok Airways on the victim list. It announced that 103GB of compressed files will be released. pic.twitter.com/LT2C0Eixxn
— DarkTracer : DarkWeb Criminal Intelligence (@darktracer_int) August 25, 2021
Cyber intrusions by LockBit ransomware operators have surged lately. The LockBit gang operates as a ransomware-as-a-service (RaaS) model appointing affiliates and insiders to carry out intrusion activities. The gang recently targeted the global IT consultancy giant Accenture, compromised its servers that held over 6TB of information, and demanded a $50 million ransom in exchange for the decryption key.