Poor IT Security, Unpatched Vulnerability Cause Cathay Pacific Breach
The investigation report for the 2018 Cathay Pacific breach reveals that two separate hacking groups targeted the airline over a four-year period by capitalising on poor IT security and an unpatched vulnerability on a web-facing server. The first breach took place in October 2014, when hackers accessed the network via VPN using valid credentials. The group then placed a keylogger on the compromised system to harvest account credentials for accessing other parts of the network. The second breach occurred in May 2017, after hackers exploited an unpatched vulnerability on a web-facing server, enabling them to gain admin access, move laterally and install credential-harvesting tools. These credentials were used to access data via a VPN until May 2018. Some 9.4 million passengers are affected by the Cathay Pacific breach, which exposed personally identifiable information, passport numbers and flight details.