11 Mar, 2021

Data Leak at SITA Affects Airlines

SITA provides communication and IT support to more than 2,500 customers at more than 1,000 airports in 200 regions. SITA, a multinational company specializing in aviation communications and IT, confirmed this week that it has been the victim of a cyberattack that appears to have affected many airlines around the world.

SITA officials on Thursday described the incident as a "very sophisticated attack" and said that, as a result, some passenger data stored on the servers of SITA PSS (Passenger Service System), which operates passenger processing systems for airlines, was affected.

Several airlines, including Singapore Air, Malaysia Air, Fin Air, Jeju Air and New Zealand Air, have confirmed they were affected by this breach. SITA spokesperson Edna Ayme-Yahil did not say how many users were affected by the attack, for privacy reasons. Singapore Air alone reported that more than 580,000 customers were affected.

After SITA became aware of the data leak incident, it took action and contacted PSS customers and all relevant organizations affected by the attack. The notifications sent by the affected airlines to their customers stated that only information such as name, rank status and membership number was at risk. They also stated that passwords, credit card information, passport numbers, reservations and contact information were not compromised.

SITA quickly took action and stepped up its measures. The incident investigation is being continued by SITA's Security Incident Response Team with the support of cyber security experts. "It's not yet clear what the attack vector is in the SITA breach, but vulnerability data from ethical hackers through HackerOne shows that the aviation and aerospace industry is seeing more privilege escalation and SQL injection vulnerabilities than any other industry," said Shlomie Liberow, solution architect at HackerOne, "and these account for 57 percent of reported vulnerabilities."

Lessons learned:

  • Be prepared for a cyber incident.
  • Forensic evidence that could indicate a cyber incident should be collected on a regular basis.
  • You should have the technological infrastructure that keeps all evidence available at all times, so that you do not have to worry about collecting it when a cyber incident occurs.
  • The response to a cyber incident should be rapid and effective.
  • Once companies reach a certain size, they should establish a SOC or obtain SOC as a service.
  • EDR/EPP solutions that “protect from the unknown” should be used at the endpoints.
  • DLP solutions should be used within the framework of effective and sustainable policies.
  • Security updates should be checked.
  • Awareness training should be given to end users.
  • Users should not use the same passwords on different accounts.
  • For password security, the following blog post can be viewed: Creating and Storing Secure Password

Source
sita.aero

