Results 1 to 3 of 3
  1. #1
    Member

    Join Date
    Jan 2020
    Last Online
    01-08-2023 @ 11:33 PM
    Posts
    510

    Mayday! Nok Air Faces Another Ransomware Attack, This Time LockBit

    Nok Air Ransomware Attack: LockBit Threatens to Leak Data

    NokAir, the Thailand -based low-cost airline, has fallen victim to another ransomware attack, this time at the hands of the LockBit ransomware group.

    The ransomware news comes just months after the airline was targeted by the ALPHV ransomware group, which claimed to have exfiltrated over 500GB of data.

    The LockBit group has announced that it has added Nok Air to its list of victims and has threatened to publish the data it has stolen by March 15, 2023.

    The airline primarily offers domestic services in Thailand and is based at Bangkok’s Don Mueang International Airport.

    The LockBit group has been working tirelessly over the past couple of years, using various tactics, methods, and procedures to improve its success rate.

    They are known for using double and triple extortion methods, where they not only encrypt the data but also threaten to publish it unless a ransom is paid.
    Nok Air data breach details shared online

    The Thailand airline operator was in the cyber security news in November 2022, when the ALPHV/BlackCat ransomware gang listed it as a victim.

    On November 20, 2022, the ransomware’s data leak website showcased screenshots of the stolen data, The Cyber Express reported.

    The airline, which mainly operates domestic flights in Thailand from Bangkok’s Don Mueang International Airport, was targeted by the threat group that claimed to have exfiltrated more than 500GB of data.

    The developers responsible for the ransomware-as-a-service (RaaS) group employ double and triple extortion techniques, acquired new technologies, and integrated various tactics, methods, and procedures (TTP) into their strategies.

    After examining the published data that contained confidential information stored across numerous folders, documents, and spreadsheets, threat intelligence researchers at Cyble analyzed the material.

    Upon scrutinizing the screenshots posted on the data leak website, we discovered some files named “refund to customers.ink,” “req invoice.pdf,” “refund.xlsx,” “DD SWOT ANALYSIS.ppt,” and other sensitive documents.
    Airlines and ransomware attacks

    Throughout the autumn of 2022, airlines were targeted by various attacks, including a distributed denial-of-service (DDoS) attack on U.S. airport websites that temporarily took down several web services.

    A similar attack affected Jeppesen, a subsidiary of Boeing, on November 2, 2022. Jeppesen disclosed that this attack had the potential to affect the accuracy of some of its products and services, including the receipt and processing of notice to air missions that inform pilots of any potential hazards during flights.

    Airports are also susceptible to attacks and are a significant repository of carrier and passenger information.

    According to a Kaspersky advisory on air travel security, “Airport systems typically store not only travel document data but also payment information. This poses an issue not only for customers but also for the airport itself since modern data protection laws offer no leniency to organizations that are careless with data protection.”
    Cybercriminals and the rise of ransomware-as-a-service (RaaS)

    The rise of ransomware-as-a-service (RaaS) groups has made it easier for cybercriminals to launch ransomware attacks. They can rent the ransomware software from these groups rather than develop it themselves.

    ALPHV, also known as BlackCat and Roberts, has been one such RaaS group active over the past couple of years.

    It is not yet clear how Nok Air’s systems were breached, but it serves as a reminder of the importance of cybersecurity measures for businesses of all sizes.

    Small and medium-sized businesses are often seen as easy targets for cybercriminals, as they may not have the same level of security measures in place as larger organizations.

    Hackers target airlines and airports for various reasons, including financial gain, cyber espionage, disruption of operations, reputation damage, political motivation, and interconnectedness with other industries.

    These organizations deal with a large amount of sensitive information, making them attractive targets for cybercriminals. It is essential that airlines and airports take measures to protect themselves from these threats to prevent potential damage to their reputation and operations.

    As more businesses shift to digital operations, they must prioritize cybersecurity and invest in the necessary tools and technologies to protect their data.

    This includes regular software updates, employee training on cybersecurity best practices, and working with cybersecurity professionals to conduct regular risk assessments and vulnerability scans.

    The ransomware attack on Nok Air highlights the ongoing threat posed by cybercriminals, particularly ransomware-as-a-service groups like ALPHV and LockBit. Businesses must take cybersecurity seriously and implement robust measures to protect their data from these attacks.The airline primarily offers domestic services in Thailand and is based at Bangkok’s Don Mueang International Airport.
    The LockBit group has been working tirelessly over the past couple of years, using various tactics, methods, and procedures to improve its success rate.
    They are known for using double and triple extortion methods, where they not only encrypt the data but also threaten to publish it unless a ransom is paid.
    Nok Air data breach details shared online

    The Thailand airline operator was in the cyber security news in November 2022, when the ALPHV/BlackCat ransomware gang listed it as a victim.
    On November 20, 2022, the ransomware’s data leak website showcased screenshots of the stolen data, The Cyber Express reported.
    The airline, which mainly operates domestic flights in Thailand from Bangkok’s Don Mueang International Airport, was targeted by the threat group that claimed to have exfiltrated more than 500GB of data.
    The developers responsible for the ransomware-as-a-service (RaaS) group employ double and triple extortion techniques, acquired new technologies, and integrated various tactics, methods, and procedures (TTP) into their strategies.
    After examining the published data that contained confidential information stored across numerous folders, documents, and spreadsheets, threat intelligence researchers at Cyble analyzed the material.
    Upon scrutinizing the screenshots posted on the data leak website, we discovered some files named “refund to customers.ink,” “req invoice.pdf,” “refund.xlsx,” “DD SWOT ANALYSIS.ppt,” and other sensitive documents.
    Airlines and ransomware attacks

    Throughout the autumn of 2022, airlines were targeted by various attacks, including a distributed denial-of-service (DDoS) attack on U.S. airport websites that temporarily took down several web services.
    A similar attack affected Jeppesen, a subsidiary of Boeing, on November 2, 2022. Jeppesen disclosed that this attack had the potential to affect the accuracy of some of its products and services, including the receipt and processing of notice to air missions that inform pilots of any potential hazards during flights.
    Airports are also susceptible to attacks and are a significant repository of carrier and passenger information.
    According to a Kaspersky advisory on air travel security, “Airport systems typically store not only travel document data but also payment information. This poses an issue not only for customers but also for the airport itself since modern data protection laws offer no leniency to organizations that are careless with data protection.”
    Cybercriminals and the rise of ransomware-as-a-service (RaaS)

    The rise of ransomware-as-a-service (RaaS) groups has made it easier for cybercriminals to launch ransomware attacks. They can rent the ransomware software from these groups rather than develop it themselves.
    ALPHV, also known as BlackCat and Roberts, has been one such RaaS group active over the past couple of years.
    It is not yet clear how Nok Air’s systems were breached, but it serves as a reminder of the importance of cybersecurity measures for businesses of all sizes.
    Small and medium-sized businesses are often seen as easy targets for cybercriminals, as they may not have the same level of security measures in place as larger organizations.
    Hackers target airlines and airports for various reasons, including financial gain, cyber espionage, disruption of operations, reputation damage, political motivation, and interconnectedness with other industries.
    These organizations deal with a large amount of sensitive information, making them attractive targets for cybercriminals. It is essential that airlines and airports take measures to protect themselves from these threats to prevent potential damage to their reputation and operations.
    As more businesses shift to digital operations, they must prioritize cybersecurity and invest in the necessary tools and technologies to protect their data.
    This includes regular software updates, employee training on cybersecurity best practices, and working with cybersecurity professionals to conduct regular risk assessments and vulnerability scans.
    The ransomware attack on Nok Air highlights the ongoing threat posed by cybercriminals, particularly ransomware-as-a-service groups like ALPHV and LockBit. Businesses must take cybersecurity seriously and implement robust measures to protect their data from these attacks.



  2. #2
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,555
    To get hit once can go down as a learning experience.

    To not learn from it is unforgiveable.

  3. #3
    5 4 Knoll
    david44's Avatar
    Join Date
    Aug 2011
    Last Online
    @
    Location
    At Large
    Posts
    21,088
    Nok nok who's bare?

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •