Transport

Poor IT Security, Unpatched Vulnerability Cause Cathay Pacific Breach

4 - 11 June 2019


The investigation report for the 2018 Cathay Pacific breach reveals that two separate hacking groups targeted the airline over a four-year period by capitalising on poor IT security and an unpatched vulnerability on a web-facing server. The first breach took place in October 2014, when hackers accessed the network via VPN using valid credentials. The group then placed a keylogger on the compromised system to harvest account credentials for accessing other parts of the network. The second breach occurred in May 2017, after hackers exploited an unpatched vulnerability on a web-facing server, enabling them to gain admin access, move laterally and install credential-harvesting tools. The harvested credentials were used to access data via a VPN until May 2018. Some 9.4 million passengers are affected by the breach, which exposed personally identifiable information, passport numbers and flight details.

References:

Data Breach Incident Unauthorised Access to Personal Data of Passengers (PDF)
