US airline rocked by hacking incident

“Airlines are resilient,” says IATA director-general Willie Walsh – Copyright AFP/File Hector RETAMAL

A hack at Pilot Credentials, a third-party vendor that manages the pilot applications and recruitment portals of several airlines, has affected nearly 9,000 American and Southwest Airlines pilots and applicants.

Looking into this cybersecurity incident for Digital Journal are Nick Tausek, Lead Security Automation Architect at Swimlane, and Sally Vincent, Senior Threat Research Engineer at LogRhythm.

According to Tausek, the details of the cybersecurity incident are only just emerging: “American Airlines and Southwest Airlines have both disclosed data breaches due to the hack of a third-party vendor Pilot Credentials. The hack, which happened on April 30, involved the vendor’s networks and led to the theft of classified information including the personal data of prospective pilots and cadets.”

In terms of the known specifics: “5,745 pilots and candidates were reportedly impacted by the incident according to American Airlines, while 3,009 were reported by Southwest Airlines.”

This has had consequences: “Both airlines have ended their relationships with the vendor and will divert applicants to internal portals notwithstanding the absence of any proof of targeted exploitation or fraudulent behaviour.”

In terms of the wider ramifications, Tausek acknowledges: “Data breaches are becoming more frequent and more costly, but they don’t have to be. To significantly reduce the risk of data breaches, airlines must collaborate closely with third-party vendors to prioritize the implementation of robust security measures. This includes practices such as multifactor authentication and regular password updates, and evaluating whether or not their current security strategy is leaving room for delays in threat detection and incident response.”

This means that some business practices are more vulnerable than others. Tausek adds: “The reality is that manual security processes are often time-consuming and prone to errors, leaving organizations vulnerable to attacks. Security automation tools, especially those of the low-code variety, can accelerate security teams’ capabilities to keep pace with the evolving threat landscape.”

Vincent’s take is that companies need to focus on their third-party provisions and understand the full extent of interconnections through the supply chain. Here Vincent notes: “The challenges of managing and detecting threats within an enterprise’s IT infrastructure, assessing third-party risk is also a critical aspect.”

For the airline sector, Vincent states: “For airlines, it is essential to have strong communication and notification tools, as well as a deep understanding of how to effectively configure their complex IT environment. This allows them to gain a comprehensive view of anomalous and malicious activities across all fronts, enabling a prompt and thorough response.”

And in terms of recommended actions, Vincent puts forward: “By implementing a well-configured security monitoring solution that provides complete visibility, including for third-party vendors, it would have been more likely to detect indicators of compromise and mitigate the threat in a timely manner.”

