Boeing, the American multinational corporation best known for manufacturing aircraft, rockets, satellites, and missiles, has confirmed a cyber breach of its systems. Last week, the infamous and prolific ransomware gang, LockBit, announced that “a tremendous amount of sensitive data was exfiltrated” from Boeing’s systems and was ready to be published if the company did not make contact before the deadline.
The announcement has since been removed from LockBit’s website, but a screenshot shared by Dominic Alvieri on X shows that LockBit demanded a response from Boeing before November 2nd.
On October 28th, the malware research group VX-Underground claimed to have spoken with a LockBit representative about the then-alleged breach. According to this statement, LockBit claimed to have gained access to Boeing systems by exploiting a zero-day vulnerability.
At this point Boeing had yet to confirm or deny any claims.
However, on November 2nd, Boeing confirmed to various publications that its systems had been compromised in a cyber incident.
Boeing spokesperson Jim Proulx told TechCrunch that while elements of the company’s parts and safety business were targeted in this incident, flight safety was not affected. Additionally, he said, “We are actively investigating the incident and coordinating with law enforcement and regulatory authorities. We are notifying customers and suppliers.”
While Boeing has yet to confirm whether the LockBit group was in fact behind the incident, the fact that the listing was removed from the website before the deadline suggests that this is the case.
At this time, the Boeing Services website is down due to technical issues.
According to Erfan Shadabi, cybersecurity expert with data security specialists comforte AG, “Boeing’s acknowledgement of the cyber incident and its cooperation with law enforcement are commendable steps in addressing the breach. The aerospace and defence sector, similar to various other industries, heavily depends on an extensive network of suppliers and partners. It’s a common occurrence for threat actors to target vulnerabilities within these expansive ecosystems.”
Erich Kron, Security Awareness Advocate at KnowBe4, added, “Ransomware can be a significant issue for organizations such as Boeing who need to provide parts quickly and often in a just-in-time manner. In the event their systems are down due to the ransomware encryption, significant delays could occur that may stop commercial aircraft from flying. In addition, organizations such as this have a tremendous amount of intellectual property that spans both commercial and military industries, and the theft of that information and threat to leak it publicly could be a significant issue for the company and any impacted military services. These cyber criminals know this and use it to their advantage to request what is often a huge ransom from the victims.”
According to Shadabi, the data at risk is the real concern in a scenario like this. He commented, “One key takeaway from this incident is the importance of a proactive approach to cybersecurity that revolves around the safeguarding of data itself. Traditional cybersecurity measures often focus on perimeter defence and incident response. However, the concept of data-centric security, particularly tokenization, offers an additional layer of protection. Tokenization involves replacing sensitive data with non-sensitive placeholders, or tokens, rendering the stolen data useless to malicious actors. By utilizing tokenization, organizations can minimize the impact of data breaches, safeguard their intellectual property, and protect customer information. This proactive approach reduces the incentive for cybercriminals to target an organization and demand ransoms, as they are less likely to obtain valuable information. Cyberthreats are evolving and as we move forward in the digital age, organizations of all types must invest in comprehensive cybersecurity strategies that safeguard their most valuable asset – data.”
Kron also urged caution. He explained, “Generally speaking, the attackers will guarantee that the information is deleted if the ransom is paid, however, that simply means we have to trust the very criminals that broke into our systems, stole the data, and oftentimes disrupted critical business, to do as they promise. When it comes to extremely valuable information, such as potentially sensitive information about military equipment, the odds are pretty good that other nation states will be willing to pay a significant amount for this information and the victim would never know it has been sold.”
While there has been some discussion that LockBit gained access to Boeing systems by exploiting a zero-day vulnerability, Kron warned that it could just as easily have been the result of a social engineering attack. He said, “Since most ransomware starts with a social engineering attack that targets humans, organisations that deal in information such as this or have critical manufacturing or logistical time frames should ensure that their employees are educated on how to spot and report phishing attacks to their security team. In addition, strong Data Loss Prevention (DLP) controls should be in place to limit the possibility of data being exfiltrated by bad actors.”