Hackers have carried out a large data breach on SITA, an IT Software Supply company that serves 90% of the global aviation industry. SITA confirmed that in late February that its US-based database, which contains information regarding frequent-flyers, was compromised by hackers. Airlines share information regarding frequent-flyers through SITA software, leading to the personal information of millions of customers being exposed.
The breached servers were a part of the. SITA Passenger Service System (SITA PSS).
SITA has stated that each of the affected airlines have been briefed on the breach. Some of the companies who have made public statements about the attack are United, British Airways, Singapore Airlines, and Finnair.
SITA have not revealed details of the attack vector taken by hackers, nor has it disclosed the exact type of data exposed in the attack. Many airlines have issued public statements confirming what types of data have been affected in relation to their passengers.
Company spokesperson Edna Ayme-Yahil stated “SITA PSS was holding the data of airlines that are not its direct customers, but are alliance members, because other airlines that are SITA PSS customers have an obligation to recognize the frequent flyer status of individual passengers and ensure that such passengers receive the appropriate privileges when they fly with them. That obligation arises from the contractual commitments that the other airline has agreed in its contractual arrangements with an alliance organization. It is common practice for alliance members to recognize the frequent-flyer scheme tiers of the passengers they carry. This mandates the sharing of frequent-flyer data amongst alliance members and, consequently, the service providers to those alliance members (such as SITA).”
Hackers See Airlines As Tempting Targets
Airlines have long been tempting targets for hackers. The aviation and aerospace industry is involved in cyberattacks frequently due to the personal information they hold in their servers and the lack of priority on company cybersecurity.
In particular, privilege escalation and SQL-injection vulnerabilities are weak points for the industry, account for 57% of the vulnerabilities highlighted to companies by ethical hackers.
The last 12 months have devastating for airlines globally, as they shift focus to simply surviving the Pandemic and staying in business. Hackers are aware of this shift and have turned more of their attention toward airlines to exploit vulnerable systems.
Airlines are a digital-first business and have many legacy systems in place. If there is no priority on maintaining these, they often become rife with exploits as they become out-of-date.
Vulnerabilities in the Software Supply Chain
The SITA attack is just another in a long list of attacks on the third-party software supply chain. Notably 2020, the SolarWinds breach was reported on by SaferNet, while in 2021, we have seen the Accellion File Transfer Appliance breach.
Third-party software supply chains are often the weakest link in an organization and so are targeted by hackers. While a company may have tight security control, a third-party vendor may not. This can act as a doorway for hackers to breach internal systems.
Ran Nahmias, co-found of Cyberpion explains, “The proliferated effect of the attack on SITA is yet another example of how vulnerable organizations can be solely on the basis of their connections to third-party vendors. If these kinds of seemingly legitimate connections are not properly monitored and protected, they can result in damaging breaches that unleash highly confidential data, as evidenced in this situation.”
The responsibility is on IT teams to correctly vet third-party vendors. Going forward, software supply chain breaches will become more common, and company leaders must become more vigilant in scrutinizing their security.
Securing Enterprise Systems
Small businesses can use a number of tools to tighten their cybersecurity. One of these tools is SaferNet.
SaferNet is the perfect solution to the cybersecurity issues that individuals, families, and businesses face today. It not only connects every device using a secure, 24/7 always on, military grade VPN, but it also stops outside cyberthreats, malware and viruses as well. On SaferNet, all users are protected anywhere in the world, all the time, on any cellular or Wi-Fi network. In addition to SaferNet’s VPN and cyber protection, it also offers a range of employee or parental/family internet controls including internet filtering, monitoring, scheduling, and blocking access to websites or even entire website categories
Typically, a business or family would need 3 separate services for a VPN, Malware Protection, and Internet Controls; SaferNet offers all 3 features in one service. SaferNet truly is an endpoint security presence that can be implemented in minutes around the world, on phones, laptops, tablets, and computers at an economical price point that caters to all sizes of businesses and families. SaferNet guarantees a smooth setup and installation process that takes only minutes, and an easily accessible control hub for you to monitor all your employee’s or family members devices; including activity, time spent online, and threats blocked.