First of all,
let’s start with the facts,
January the 30th
2019: Airbus issues a press release announcing that the commercial
sector of the company has come under cyber attack. It was a non
authorized access to company data. Airbus reassures there won’t be
any economic impact on the company operations.
Airbus, let us
remember, is an European society with its headquarters in the
Netherlands, active in the field of aircraft production and Space and
Defense research. One of its activities is the cyber defense both for
internal use and for its customers.
The press release
continues saying that the attack is under analysis and Airbus's
experts have already undertaken a number of necessary actions in
order to strengthen the security measures,mitigate the impact of the
attack and of course, to identify the source of the attack.
The press release
ends with saying that the authorities, included Data Protection
sector, have already been informed of the attack and reassuring that
Airbus employees have been solicited to take the necessary
precautions in order to continue their activities.
After a few days
the press is already on the case.
On the 4th
of February the newspaper “Challenges” reports that according to
statements coming from public sources and other sources close to the
company, the “modus operandi” used by the attackers is similar to
the one used by a group of Chinese cyber group. It looks like the
scope of the attack was to hijack technical documents relating
aircraft certifications. The attack scheme is in fact similar to the
APT
10 , or even more sophisticated.
It looks like the
attack started in December was aimed to affect an Airbus supplier,
and then move to the real objective. This theory is based on clues
and it will be difficult to prove it.
Let’s notice
that the company trend in the stock exchange wasn’t apparently
affected by this attack.
Anyways, what
happened shows how dangerous can a supply chain attack be, especially
if aimed to strike a third party, usually a supplier of the main
objective, with little or no cyber defense capabilities.
ALESSANDRO
RUGOLO
(english
translation by Francesco Rugolo)
Pictures
: https://www.airbus.com/
To know more
about the topic:
- https://www.airbus.com/newsroom/press-releases/en/2019/01/airbus-statement-on-cyber-incident.html;
- https://www.challenges.fr/entreprise/transports/cyberattaque-contre-airbus-la-piste-chinoise-avancee_640396;
- https://www.mirror.co.uk/travel/news/breaking-airbus-cyber-attack-believed-13955680;
- https://www.fireeye.com/current-threats/apt-groups.html#apt10;
- https://www.cshub.com/attacks/articles/incident-of-the-week-airbus-reports-employee-data-hack;
- https://www.csoonline.com/article/3191947/data-breach/what-is-a-supply-chain-attack-why-you-should-be-wary-of-third-party-providers.html
- https://www.challenges.fr/entreprise/transports/cyberattaque-contre-airbus-la-piste-chinoise-avancee_640396;
- https://www.mirror.co.uk/travel/news/breaking-airbus-cyber-attack-believed-13955680;
- https://www.fireeye.com/current-threats/apt-groups.html#apt10;
- https://www.cshub.com/attacks/articles/incident-of-the-week-airbus-reports-employee-data-hack;
- https://www.csoonline.com/article/3191947/data-breach/what-is-a-supply-chain-attack-why-you-should-be-wary-of-third-party-providers.html
Nessun commento:
Posta un commento