Category: Boeing
Boeing, the aviation giant, renowned for its manufacturing of airplanes for both defense and commercial purposes, fell victim to a ransomware cyber attack in October 2023. It has now come to light that the hackers behind the attack demanded a staggering $200 million in exchange for a decryption key and the deletion of 42GB of data stored on LockBit’s servers.
This revelation emerged as the FBI, in a collaborative effort with UK Europol and Australia’s NCSC, initiated a joint operation to identify and prosecute Dmitry Yuryevich Khoroshev, the alleged owner of the LockBit gang, also known by the alias LockBitSupp.
Boeing made the announcement following an indirect disclosure by the FBI, acknowledging that a prominent aircraft manufacturer had been targeted by the ransomware group in the third quarter of the previous year. When approached for further comments, the company redirected media inquiries to law enforcement agencies and pledged to provide updates shortly.
The trend of cyber criminals stealing data and extorting victims for ransom has become increasingly common. However, the demand for $200 million sets a new precedent in the realm of ransomware crime, showcasing the audacity of cyber criminals.
Refusing to acquiesce to such demands could potentially undermine the confidence of cyber criminals and deter them from profiting through illicit means. Furthermore, there’s no guarantee that paying the ransom will result in the receipt of a decryption key.
Recently, another ransomware group, ALPHV/BlackCat, demanded $22 million from Change Healthcare. After law enforcement tried to disrupt its IT infrastructure, another ransomware gang, RansomHUB, issued a renewed warning to the victim, demanding $15 million.
Whether these groups are interconnected, and whether the subsequent demands are strategic maneuvers to extract more from the victims, remains unclear.
From a humanitarian perspective, targeting the healthcare sector is tantamount to an act of war, as both scenarios result in the suffering of innocent lives.
The post LockBit Ransomware Group demands $200 million ransom from Boeing appeared first on Cybersecurity Insiders.
Boeing, the American multinational corporation best known for manufacturing aircraft, rockets, satellites, and missiles, has confirmed a cyber breach on its systems. Last week, the infamous and prolific ransomware gang LockBit announced that “a tremendous amount of sensitive data was exfiltrated” from Boeing’s systems and was ready to be published if the company did not make contact within the deadline.
The announcement has since been removed from LockBit’s website, but a screenshot shared by Dominic Alvieri on X shows that LockBit demanded a response from Boeing before November 2nd.
On October 28th, the malware research group VX-Underground claimed to have spoken with a LockBit representative about the then-alleged breach. According to this statement, LockBit claimed to have gained access to Boeing systems by exploiting a zero-day vulnerability.
At this point Boeing had yet to confirm or deny any claims.
However, on November the 2nd, Boeing confirmed with various publications that their systems had been compromised in a cyber incident.
Boeing spokesperson Jim Proulx told TechCrunch that while elements of parts and safety business were targeted in this incident, flight safety was not affected. Additionally, he said, “We are actively investigating the incident and coordinating with law enforcement and regulatory authorities. We are notifying customers and suppliers.”
While Boeing has yet to confirm whether the LockBit group was truthfully behind the incident, the fact that the listing was removed from the website before the deadline suggests that it is the case.
At this time, the Boeing Services website is down for technical issues.
According to Erfan Shadabi, cybersecurity expert with data security specialists comforte AG, “Boeing’s acknowledgement of the cyber incident and its cooperation with law enforcement are commendable steps in addressing the breach. The aerospace and defence sector, similar to various other industries, heavily depends on an extensive network of suppliers and partners. It’s a common occurrence for threat actors to target vulnerabilities within these expansive ecosystems.”
Erich Kron, Security Awareness Advocate at KnowBe4, added, “Ransomware can be a significant issue for organizations such as Boeing who need to provide parts quickly and often in a just-in-time manner. In the event their systems are down due to the ransomware encryption, significant delays could occur that may stop commercial aircraft from flying. In addition, organizations such as this have a tremendous amount of intellectual property that spans both commercial and military industries, and the theft of that information and threat to leak it publicly could be a significant issue for the company and any impacted military services. These cyber criminals know this and use it to their advantage to request what is often a huge ransom from the victims.”
According to Shadabi, the data at risk is the real concern in a scenario like this. He commented, “One key takeaway from this incident is the importance of a proactive approach to cybersecurity that revolves around the safeguarding of data itself. Traditional cybersecurity measures often focus on perimeter defence and incident response. However, the concept of data-centric security, particularly tokenization, offers an additional layer of protection. Tokenization involves replacing sensitive data with non-sensitive placeholders, or tokens, rendering the stolen data useless to malicious actors. By utilizing tokenization, organizations can minimize the impact of data breaches, safeguard their intellectual property, and protect customer information. This proactive approach reduces the incentive for cybercriminals to target an organization and demand ransoms, as they are less likely to obtain valuable information. Cyberthreats are evolving and as we move forward in the digital age, organizations of all types must invest in comprehensive cybersecurity strategies that safeguard their most valuable asset – data.”
Indeed, Kron also raised some caution. He explained that, “Generally speaking, the attackers will guarantee that the information is deleted if the ransom is paid, however, that simply means we have to trust the very criminals that broke into our systems, stole the data, and oftentimes disrupted critical business, to do as they promise. When it comes to extremely valuable information, such as potentially sensitive information about military equipment, the odds are pretty good that other nation states will be willing to pay a significant amount for this information and the victim would never know it has been sold.”
While there has been some discussion that LockBit gained access to Boeing systems by exploiting a Zero-Day Vulnerability, Kron warned that it could have just as easily been a result of a social engineering attack. He said, “Since most ransomware starts with a social engineering attack that targets humans, organisations that deal in information such as this or have critical manufacturing or logistical time frames should ensure that their employees are educated on how to spot and report phishing attacks to their security team. In addition, strong Data Loss Prevention (DLP) controls should be in place to limit the possibility of data being exfiltrated by bad actors.”
The post Aerospace Giant Boeing Confirms Cyber Compromise, LockBit Claims Responsibility first appeared on IT Security Guru.
LockBit, a notorious ransomware gang, has recently set its sights on the aerospace giant Boeing, initiating a double extortion attack and threatening to unveil stolen data on or after November 2, 2023. In a brazen move, the criminal group has publicly disclosed that they’ve gained access to sensitive company information and are prepared to auction off this valuable data unless Boeing’s IT department complies with their demand for a multimillion-dollar ransom.
According to the United States Cybersecurity and Infrastructure Security Agency (CISA), LockBit stands out as one of the most active Russian-speaking cybercriminal organizations in 2023. Their audacious exploits have targeted over 1,700 American multinational corporations, accumulating an astonishing $93 million in ill-gotten gains from January 2020 to January 2023.
Boeing, a prominent commercial aircraft manufacturer, has not yet officially responded to LockBit’s claims. However, the company has pledged to provide a comprehensive update by the coming weekend, citing ongoing internal investigations as the reason for the delay.
This incident is reminiscent of LockBit’s earlier breach of the technology firm CDW in August of this year. The breach may have led to the exposure of additional data belonging to CDW’s clients and partners, with Boeing potentially being among the affected parties, now ensnared in a ransomware quagmire.
Boeing, known for its role in designing, manufacturing, and distributing airplanes, rotorcraft, satellites, telecom equipment, and missiles worldwide, also provides critical product support services to numerous government defense contractors across the globe.
The extent and nature of the data in the possession of the LockBit criminal gang remain uncertain. The full scope of the breach may only become apparent when the group decides to release a selection of screenshots or other evidence of their ill-gotten information.
The post LockBit Ransomware Group Targets Boeing with Data Threat appeared first on Cybersecurity Insiders.