Boeing Cybersecurity Ransomware Attack


On October 27th, the Russian cybercriminal group "LockBit" added Boeing, an American multinational corporation, to its ever-expanding list of compromised companies, with LockBit issuing an ultimatum of six days to meet their ransom demands or face the public release of the stolen data.

A Boeing spokesperson acknowledged a cyber incident affecting specific aspects of their parts and distribution business. They emphasised that this situation did not pose a threat to flight safety and mentioned that the company was currently evaluating the ransom demand made by the LockBit group.

"We are aware of a cyber incident impacting elements of our parts and distribution business. This issue does not affect flight safety," a Boeing spokesperson said.

The Boeing services portal remained inaccessible due to what was described as "technical issues," which could be attributed to the ransomware attack or even a deliberate move made by Boeing to prevent further exploitation. Boeing assured that they were actively investigating the incident and collaborating with law enforcement and regulatory authorities. They also emphasised their commitment to notifying both customers and suppliers.

 

How Bad Does This Get?

Boeing is a major player in the aerospace industry, serving customers worldwide, including the US Department of Defense and NASA. It has a workforce of over 140,000 across 65 countries and had annual revenue exceeding $66 billion in 2022, which makes this recent cybersecurity breach a major concern for Boeing.

The LockBit ransomware gang claimed responsibility for the attack, asserting that they had exploited a zero-day vulnerability. They threatened to publish the stolen documents unless Boeing complied with their ransom demands by November 2. The gang declared that a substantial volume of sensitive data had been exfiltrated and was poised for release should Boeing fail to communicate before the specified deadline.

"A tremendous amount of sensitive data was exfiltrated and ready to be published if Boeing does not contact within the deadline," the LockBit ransomware gang warned.

However, the gang declined to provide samples of Boeing's data, claiming it was protecting the company.

"For now, we will not send lists or samples to protect the company, BUT we will not keep it like that until the deadline," said LockBit.

 

Making a Deal with Hackers!?

It is clear that negotiations have been underway privately between LockBit and Boeing, as the stolen data from Boeing was removed from a data leak site, a move designed to mitigate potential reputational damage for the company in case they opt to pay the unknown ransom.

According to VX Underground, the LockBit ransomware gang had not engaged with Boeing's representatives and had refused to disclose any specific information, including the quantity and nature of the stolen data or the zero-day vulnerability in question. The secretive approach by LockBit has been seen as unusual when compared to the tactics and methods they used with past victims. The relatively short deadline of six days, compared to the usual ten days given to other victims, has raised further questions about the credibility of the stolen data being claimed by the Russian ransomware gang.

Boeing officially confirmed the cyber attack but refrained from commenting on whether they had received LockBit's ransom demands. While paying the ransom might help preserve Boeing's reputation, it does not guarantee that LockBit won't still leak corporate secrets to competitors or other cyber criminals.

 

The Ongoing Battle

On November 6, Cybernews released a screenshot taken from LockBit's dark web portal with the headline "timer stopped." This snapshot revealed that LockBit's countdown timer had halted on November 2, at 16:20 UTC (Sydney time: November 3, at 03:00 AEDT), marking the supposed ransom deadline imposed on Boeing.

Screenshot of LockBit’s dark web portal from Cybernews

LockBit issued a statement, declaring, "Boeing ignored our warnings, so we are commencing the data publication process. Initially, we will release approximately 4GB of sample data. If positive cooperation from the company is not forthcoming, we plan to release approximately half a terabyte of databases within the next few days."

An examination of LockBit's portal showed that the leaked data encompassed a wide range of material, including training materials and a directory of Boeing's technical suppliers. Cybernews has alleged that the data contained information such as the names, locations, and contact numbers of Boeing's suppliers and distributors across Europe and North America. The data breach also purportedly exposed Boeing's financial particulars, encompassing sales figures, rebates, Cost of Poor Quality (COPQ) reports, pricing data with net costs, and list prices for the year 2020. Folders labeled 'Hazardous Waste,' 'Rotorcraft,' and 'Business Cases' were also found, alongside files containing Boeing's internal training materials, including instructions on system access and user permissions.

Boeing responded to Cybernews by confirming that they are actively investigating the incident and are in close coordination with law enforcement and regulatory authorities as the cyber battle continues. The company has also emphasised its commitment to notifying both customers and suppliers about the breach.

 

 


This is part of our cyber security awareness educational campaign. Through this training, you will learn awareness, key principles, and best practices to protect yourself, your organisation, and the public from cyber attackers. You will also be equipped with the knowledge to identify potential threats and take action before any damage can occur.
