Si Cyber Intel: Airline Fraud-as-a-Service (AFaaS)
Jan 2019


Following on from our Cyber Intel last week regarding the Amadeus vulnerability affecting airlines, further research by the Insikt Group has discovered that airline fraud on the dark web is a greater threat than first thought. Based on the findings discussed in this blog, the methods used by threat actors have been given the name ‘Airline Fraud-as-a-Service’ (AFaaS).

The Insikt Group’s research on the dark web enabled them to not only identify the most targeted airlines and the primary attack vectors against them but also the threat actors who have been targeting these airlines with fraudulent activities on the dark web for a substantial period of time. Alongside airline companies, other service providers in the travel and hospitality industry such as car rental, hotel booking and excursion companies have also been targeted by these threat actors.

Serggik00, a member of multiple Russian- and English-speaking underground forums, sells flight tickets at a 50% discount off the original price.
Source: Recorded Future

However, despite this discovery, analysis of threat actor discussions on the dark web suggests that their primary focus is to use fraudulent activities against airlines. The most widely used attack vectors are phishing and spamming campaigns, ransomware attacks, purchasing flight tickets with stolen credit/debit cards, DDoS attacks (by applying various sophisticated TTPs to obtain personal information and gain access to the airline’s databases), creating fake replicas of travel agency websites, clever social media spoofing campaigns, and selling compromised airline accounts with balances, miles and bonus points (much like the Amadeus security threat), ultimately affecting millions of users and individuals worldwide.

Image shows the sale of compromised accounts with balances, miles and bonus points on the dark web.
Source: Recorded Future

Researchers have identified that some attacks on airlines are organised not only by regular cyber criminals working the dark web but also by cyber criminals who are politically motivated or are state-sponsored hacker teams. Evidence of this includes well-known hacking teams on the dark web such as “Babylon APT”, the Chinese pro-government hackers who sold vulnerabilities of United Airlines, Delta Air Lines, Japan Airlines, FedEx and more on Chinese dark web forums back in 2016.

Insurance, risk management and claims consulting company JLT Specialty Limited highlights that the number of airline breaches doubled between 2008–2011 and 2012–2015 and is expected to continue growing. They also noted that the financial losses of airline companies affected by cyber-attacks run to millions of pounds, and that’s not including the damage to their reputation, which will be impossible to comprehend.

An example of such an attack was the one on British Airways. The airline, known worldwide, suffered a huge attack on its booking system back in September 2018. Malicious hackers uploaded a script that stole the payment information of 380,000 of its customers, which was then sold on the dark web.

Image shows screenshot of dark web illegal services targeting airline companies
Source: Recorded Future

Why is Airline Fraud-as-a-Service on the increase?

With the constant growth of stored data, airline travel offers a convenient and easily accessible route to the PII of millions of customers worldwide, attracting hackers and carders who obtain this data and sell it on the dark web. The dark web is also rife with discussions and content relating to past breaches of airline companies, making it easy for cyber criminals to successfully deliver their own campaigns using the attack vectors noted above, of which there are at least a dozen.

Risk Mitigation

To address such cyber-attacks, airlines must monitor their critical infrastructure 24x7 so that they can detect and respond to targeted attacks. This requires a mature team that monitors cyber-attacks as they happen and also discovers advanced attacks by performing active threat hunting on a regular basis. Airlines are not only expected to secure their IT infrastructure; they must also protect their customer data. Our experience shows that attackers may exploit supply chain gaps for targeted attacks; for example, attacks may come from compromised systems belonging to an airline’s vendors or partners.

 
