A ransomware attack against Boeing has left the aerospace giant suffering disruption to its parts and distribution business and locked in a cyberattack investigation.
The incident came to light after the Lockbit cybercrime gang threatened to release sensitive data stolen from Boeing if the flight firm did not pay a ransom by November 2. Although it’s unclear whether Lockbit was responsible for the attack, the threat that was detailed on the gang’s website has now been taken down.
Boeing has emphasised that the incident has no impact on flight safety. However, the ransomware incident has caused certain webpages related to its Global Services division to be temporarily unavailable due to technical issues.
The company is actively cooperating with law enforcement agencies to address the situation and has started notifying its customers and suppliers.
Lockbit, known as one of the most active global ransomware groups, specialises in encrypting victim organisations’ systems and stealing sensitive data for extortion. Even if the ransom is paid, there’s no guarantee that the stolen data won’t be leaked, cybersecurity experts say.
The specific nature of the data stolen from Boeing remains undisclosed, raising concerns, especially if defence-related information is compromised. Boeing’s cooperation with law enforcement and ongoing investigations is expected to shed light on the extent of the breach and its potential implications.
Ransomware has become an increasingly popular tactic for bad actors in recent times, but the method is now even more dangerous because it’s available to those willing to pay. Ransomware as a Service (RaaS) allows services to be contracted by anyone, with a fee being charged on the value of all ransoms. It represents an especially lucrative source of illicit income for criminal organisations.
Speaking exclusively to GRC World Forums, IT Security leader, Igor Gutierrez offers guidance on how organisations can avoid falling victim to such attacks.
“The focus is on reducing the attack surface and making attacks on your environment increasingly expensive to the point of discouraging criminals from targeting your company,” Igor says.
“Using Digital Risk Protection tools that monitor your company’s information on the DarkWeb and OSINT is an important step in understanding how exposed your company is. Having complete visibility of your infrastructure is essential,” Igor adds.
Know the risks
Boeing’s ransomware incident freshly underscores the evolving challenges posed by ransomware to major corporations, reminding us of the need for robust cybersecurity measures across industries.
Don’t miss the following exclusive sessions at PrivSec Global:
→ Ransomware as a Service (RaaS)
- Day 2: Thurssday 30th November 2023
- 15:00pm - 15:45pm GMT
Gone are the days when every attacker had to write their own ransomware code and run a unique set of activities.
RaaS is pay-for-use malware enabling attackers to use a platform that provides the necessary hacking code and infrastructure to launch a ransomware campaign.
Take a deep-dive into these evolving tactics, their impacts on businesses, and countermeasures against this digital extortion ecosystem.
→ Cyber risks to critical infrastructure are on the rise
- Day 2: Thursday 30th November2023
- 17:30pm - 18:15pm GMT
Critical infrastructure has always been a major target for cybercriminals and State-Sponsored hackers.
Given the Russia-Ukraine war, cyber-attacks and threats have grown exponentially, and the level of sophistication of these attacks is permanently evolving.
Companies now need to be extra prepared, with devices such as cameras, smart speakers, or locks and commercial appliances being potential entry points for attackers. Join us to find out how to survive this chronic state of cyber fear.
Discover more at PrivSec Global
As regulation gets stricter – and data and tech become more crucial – it’s increasingly clear that the skills required in each of these areas are not only connected, but inseparable.
Exclusively at PrivSec Global on 29 & 30 November 2023, industry leaders, academics and subject-matter experts unite to explore these skills and the central role they play in privacy, security and GRC.