
LockBit Claims Cyberattack on India’s National Aerospace lab

 

LockBit, the infamous ransomware group, has admitted to being behind a cyber assault on India's state-owned aerospace research laboratory. Additionally, in July, LockBit leaked data of Granules, an Indian pharmaceutical company, on its dark web site, listing it as one of its latest targets.

On Wednesday, LockBit listed the National Aerospace Laboratories (NAL) on its dark web leak site, where ransomware groups usually try to extort money from their victims. The group threatened to publish the organization's stolen information unless it paid an unknown amount, according to TechCrunch.

After asserting responsibility for the cyberattack on the National Aerospace Laboratories and posting the claim on the dark web, the hacker collective has presented a daunting ultimatum. They set a deadline of December 18, 2023, at 18:58:48 UTC, emphasizing that if their demands are not met, they will expose the compromised data.  

In an unexpected departure from their usual approach, LockBit has chosen not to reveal any mitigation plans this time. Typically, they would outline a ransom, often starting at $10,000, to secure a 24-hour extension to the deadline. At the time of writing, the National Aerospace Laboratories (NAL) website is inaccessible globally.

The cause of this website disruption remains uncertain, and it is not clear whether it is linked to the ransomware attack. Furthermore, LockBit released eight documents, claiming they were stolen. These documents include confidential letters, an employee's passport, and various internal records.

Established in 1959, the National Aerospace Laboratories (NAL) is India's premier aerospace research organization, owned by the government's Council of Scientific and Industrial Research. NAL collaborates closely with entities like ISRO and DRDO, focusing on advanced research in aerospace and related fields, particularly in the development of civilian aircraft. 

A joint advisory released by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and its counterparts in Australia, Canada, France, Germany, New Zealand, and the United Kingdom highlights coordinated efforts in the field of cybersecurity. The report also shows that LockBit became the most used ransomware variant globally in 2022 and 2023.

Emails and Passwords of Government Officials Exposed due to Data Breaches

 

Hundreds of Union government officials' emails and passwords have been exposed to hackers as a result of recent data breaches of Air India, Domino's, and Big Basket, according to the government. The Hindu obtained a copy of an internal document that stated that compromised emails on government domains such as @nic.in and @gov.in are potential cyber threats because they are being exploited by "adversaries" to send malicious emails to all government users. 

A malicious web link provided on WhatsApp and SMS days after the alert was sent on June 10 targeted many government offices, including Defence Ministry officials, requesting them to update their vaccination status. The message directed officials to https://covid19india.in to generate a digital certificate of COVID-19 inoculation, forwarding them to a page called "@gov.in," which looks similar to the government website mygov.in, and asking for their official e-mail and password. 

According to cyber expert Rajshekhar Rajaharia, the website was hosted in Pakistan in June. “The page mentioned @nic.in email IDs to make the official believe it is a government page. The purpose seemed to be getting the e-mails and passwords of only government officials and get unauthorised access to government systems, the page does not accept any other domain such as gmail.com,” said Mr. Rajaharia. 

On May 15, Air India informed passengers that its passenger service system, which is provided by multi-national IT company SITA, was the target of a sophisticated cyber-attack in the last week of February that affected nearly 45 lakh “data subjects” worldwide who registered between August 26, 2011 and February 3, 2021. Officials from the government are frequent travellers on Air India. 

The alert sent to officials said, “It is intimated that recent data breaches of Air India and other companies like Domino’s, Big Basket etc. have resulted in exposure of e-mail ID and passwords of many users, which includes lots of government email IDs as well. All such compromised gov. domain emails are potential cyber threats as they are being used by the adversaries to send out malicious mails to all gov email users. It may please be noted that largely these are name based email IDs which are available with the malicious actors.” 

On March 1, the Union Power Ministry announced that multiple Indian power centres had been targeted by “state-sponsored” Chinese cyber gangs. Recorded Future, a cyber security and intelligence organization based in the United States, determined that Chinese state-sponsored actors may have infiltrated Indian power grids and seaports with malware.

45 Lakh Customers' Data Compromised as Air India Servers Get Hacked

 

A massive cyberattack was perpetrated against the domestic carrier Air India, which compromised passengers' data including passports, contacts, ticket information, and credit card information. 

Air India is India's flag carrier, based in New Delhi. Operated by Air India Limited, it runs a fleet of Airbus and Boeing aircraft serving 102 domestic and international destinations.

The airline stated that the incident impacted about 4,500,000 data subjects worldwide. The company further added that the breach involved data registered between August 2011 and February 2021.

“The breach involved personal data registered between 26 August 2011 and 3 February 2021, with details that included name, date of birth, contact information, passport information, ticket information, Star Alliance and Air India frequent flyer data (but no passwords data were affected) as well as credit cards data,” a message from Air India reads. 

While the airline has admitted that credit card details were compromised, it has made clear that its data processor did not hold the CVV/CVC numbers, which are the key to carrying out transactions.

"Our data processor of the passenger service system (which is responsible for storing and processing of personal information of the passengers) had recently been subjected to a cybersecurity attack leading to personal data leak of certain passengers. This incident affected around 4,500,000 data subjects in the world," said the statement issued by Air India. 

The state-owned flight operator also mentioned that it received the first communication concerning the data breach from its data processor on 25 February 2021. However, the identities of the affected data subjects were provided only on March 25 and May 4.

"While we had received the first notification in this regard from our data processor on 25.02.2021, we would like to clarify that the identity of the affected data subjects was only provided to us by our data processor on 25.03.2021 and 5.04.2021," the statement said. 

Air India has also mentioned that it follows data protection policies and has started investigating the data protection incident. The airline is also securing vulnerable servers, engaging external computer protection experts, liaising with and notifying credit card issuers, and resetting Air India frequent flyer program passwords.