Pirated Software Likely Cause of Airbus Breach

Cyber Security Threat Summary:
A major data breach at Airbus revealed earlier this week stemmed from a RedLine info-stealer likely hidden in a pirated copy of Microsoft software, according to researchers. The European aerospace giant said it has launched an investigation into the incident. “As a major high-tech and industrial player, Airbus is also a target for malicious actors,” it noted in a statement. “Airbus takes cybersecurity seriously and continuously monitors activities on its IT systems, has solid protection tools, skilled cyber experts and associated processes to protect the company by taking immediate and appropriate measures as and when needed” (Info Security Magazine, 2023).

3 The data breach was claimed by threat actor USDoD, who claims to work for the Ransomed ransomware group. Stolen data was published to BreachForums. Personal information associated with 3200 Airbus vendors such as Rockwell Collins and Thales Group was apparently featured in the data dump – including names, addresses, phone numbers and email addresses.

3 Security Officer Comments:
The threat actors claimed access to this data was the result of stolen credentials from an employee of Turkish Airlines, which was later confirmed during the investigation. A computer belonging to an employee of Turkish Airlines contained third-party login credentials for Airbus. The employee had allegedly downloaded a pirated version of the Microsoft .NET framework, which contained the RedLine malware.

3 Of equal concern, USDoD claims to have more victims in the aerospace industry, including several large US defense contractors. USDoD has also been linked to the compromise of the FBI’s InfraGard information sharing network.

3 Suggested Correction(s):
This incident highlights supply chain dangers, and the need for better controls around third-party suppliers. Additionally, the cause of the attack was the downloading of pirated software. Employees should adhere to a company prescribed acceptable use policy, and should be trained of the dangers, and potential fines associated with using and downloading illegal software.

3

  • Avoid downloading pirated software from torrent websites. Many of these website’s offer working versions of software that contain malware.
  • Never use cracked or illegal versions of software, companies and individuals who break the law can be penalized for every instance of software copyright violation.
  • Use strong passwords and enforce multi-factor authentication wherever possible.
  • Turn on the automatic software update feature on your computer, mobile, and other connected devices.
  • Use a reputed antivirus and internet security software package on your connected devices, including PC, laptop, and mobile.
  • Refrain from opening untrusted links and email attachments without first verifying their authenticity.
  • Educate employees in terms of protecting themselves from threats like phishing’s/untrusted URLs.

    3 Link(s):
    https://www.infosecurity-magazine.com/news/pirated-software-cause-airbus/

    Contact Us for Threat Assistance Back to Current Threats

    • Just Starting?



    Contact LACyber for More Info



    Current Active Cyber Threats