Further Developments in the Collins Aerospace Cybersecurity Breach


Everest Extortion Group Targets Dublin Airport

More Collins Aerospace Hacking Fallout

A Russian data extortion group named Everest has threatened to release 1.5 million records allegedly obtained from Dublin Airport. The threat comes while a cybersecurity breach is still under investigation, one that traces back to a September incident affecting multiple European airports.

The group announced on its dark web leak site that it possesses sensitive passenger data and has set a deadline for payment before the data is made public. This incident highlights the ongoing vulnerabilities in critical infrastructure systems, especially those tied to aviation safety.

On October 17, Everest took credit for compromising the backend infrastructure of Collins Aerospace, a software provider whose systems handle check-in processes for various airlines. In mid-September, a malware-linked incident involving Collins’ Muse software caused a notable disruption, with delays reported at major airports including Heathrow and Brussels.

A spokesperson for the Dublin Airport Authority confirmed that an investigation is underway. They stated that preliminary findings suggest the compromised data primarily consists of passenger boarding details from August, although they believe DAA systems remain unaffected. The European Union’s Agency for Cybersecurity has categorized the earlier Collins Aerospace incident as a ransomware attack.

Everest claims it did not deploy ransomware but instead accessed an FTP server belonging to Collins using inadequately secured credentials. It indicated that excessive data downloading likely triggered alerts, leading to the eventual termination of their access. The disruption to check-in services is said to have resulted from Collins Aerospace taking its servers offline.
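The group's own account points at the control that reportedly caught it: unusually high download volume from a single account. The following script is an added example, not code from the article, from Collins Aerospace or from Everest. It assumes the file server writes xferlog-style transfer records (the format used by wu-ftpd, vsftpd and ProFTPD) and flags any account whose outgoing bytes inside a sliding window exceed a threshold; the log lines, usernames, paths and threshold are constructed for the example.

```python
"""Volume-based bulk-download detection over FTP transfer logs.

Added example (not code from the original article, Collins Aerospace or
Everest). Assumes xferlog-format records; all sample data below is constructed.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: a service account that normally fetches one small
# manifest at a time suddenly pulls a multi-part export in quick succession.
# xferlog fields: date(5) xfer-time host bytes path type flag direction mode
#                 user service auth-method auth-id status
SAMPLE_XFERLOG = """\
Mon Sep 15 09:58:10 2025 1 10.20.30.40 81920 /export/manifest_0830.csv b _ o r svc_checkin ftp 0 * c
Mon Sep 15 10:01:02 2025 12 10.20.30.40 52428800 /export/bp_2025-08_part01.csv b _ o r svc_checkin ftp 0 * c
Mon Sep 15 10:01:40 2025 11 10.20.30.40 52428800 /export/bp_2025-08_part02.csv b _ o r svc_checkin ftp 0 * c
Mon Sep 15 10:02:15 2025 13 10.20.30.40 52428800 /export/bp_2025-08_part03.csv b _ o r svc_checkin ftp 0 * c
Mon Sep 15 10:02:50 2025 12 10.20.30.40 52428800 /export/bp_2025-08_part04.csv b _ o r svc_checkin ftp 0 * c
Mon Sep 15 10:03:30 2025 4 10.20.30.99 2048 /inbox/upload.txt a _ i r svc_checkin ftp 0 * c
Mon Sep 15 10:05:00 2025 2 10.20.30.77 4096 /export/manifest_0901.csv b _ o r ops_reader ftp 0 * c
"""


def parse_xferlog_line(line):
    """Return (timestamp, user, remote_host, direction, size, path), or None if malformed."""
    parts = line.split()
    if len(parts) < 18:
        return None
    ts = datetime.strptime(" ".join(parts[0:5]), "%a %b %d %H:%M:%S %Y")
    host = parts[6]
    size = int(parts[7])
    path = parts[8]
    direction = parts[11]  # 'o' = outgoing (client download), 'i' = incoming upload
    user = parts[13]
    return ts, user, host, direction, size, path


def detect_bulk_downloads(log_text, window=timedelta(minutes=10),
                          byte_threshold=100 * 1024 * 1024):
    """Raise one alert per user the first time their downloads within
    `window` exceed `byte_threshold` bytes.

    Returns a list of (user, remote_host, timestamp, bytes_in_window, files_in_window).
    Uploads ('i') are ignored: the concern here is data leaving the server.
    """
    per_user = defaultdict(deque)  # user -> deque of (ts, size) inside the window
    alerted = set()
    alerts = []
    for line in log_text.splitlines():
        rec = parse_xferlog_line(line)
        if rec is None:
            continue
        ts, user, host, direction, size, _path = rec
        if direction != "o":
            continue
        q = per_user[user]
        q.append((ts, size))
        # Drop transfers that fell out of the sliding window.
        while q and ts - q[0][0] > window:
            q.popleft()
        total = sum(s for _, s in q)
        if total > byte_threshold and user not in alerted:
            alerted.add(user)
            alerts.append((user, host, ts, total, len(q)))
    return alerts


if __name__ == "__main__":
    for user, host, ts, total, n in detect_bulk_downloads(SAMPLE_XFERLOG):
        print(f"ALERT {ts:%Y-%m-%d %H:%M:%S} user={user} host={host} "
              f"bytes={total} files={n} (threshold crossed)")
```

Run as written, the script fires once, for `svc_checkin` on the third download, because the two 50 MiB parts plus the earlier manifest exceed 100 MiB inside the 10-minute window; `ops_reader` and the upload never trigger. Per-account baselines (median daily volume over a few weeks) are the natural replacement for the fixed threshold in production, and the same aggregation applies to any transfer log with a user, direction and byte count.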

Investors were informed on September 24 of the cyber incident relating to ransomware, which the company acknowledged occurred on September 19, the same day the Muse service was reportedly compromised. Meanwhile, cybersecurity firm Hudson Rock posits that two separate cybercriminal entities may have simultaneously targeted Collins without awareness of each other’s operations.

This incident raises crucial concerns about the tactics employed in such attacks, particularly initial access methods such as phishing or exploiting weak credentials, both catalogued in the MITRE ATT&CK framework. Those tactics give organizations a concrete basis on which to reevaluate their cybersecurity posture, especially for critical infrastructure systems.

The recent developments underscore a broader trend of escalating threats to cyber infrastructures globally, prompting business owners to implement more robust security measures. Ongoing vigilance against data breaches remains crucial as the landscape of cyber threats continues to evolve.
