Dark Web Spotlight: LockBit Claims Bangkok Air Breach

Chalk up another aviation data breach.  Bangkok Air, Thailand’s second oldest and third largest airline has confirmed they suffered a data breach on August 23, 2021. The apparent culprits are the LockBit ransomware gang.  While Bangkok Air is busy beefing up its defenses, LockBit is seeking to auction off 103 GB of data. The Thai airline did acknowledge that some customer PII, namely credit cards, passports, and more were stolen alongside business documents.  Bangkok Air has informed customers to review credit card activity, change passwords, and be on the lookout for phishing scams using Bangkok Air’s name. Given LockBit is auctioning off their ill-gotten gains and Bangkok Air has disclosed the breach on their own terms, it is reasonable to assume that no ransom has been paid.  LockBit had a quiet period but has since ramped up its attacks in recent months. This breach comes on the heels of LockBit’s cyberattack against IT giant Accenture in early August.  In response to the increased activity, the Australian Cyber Security Centre released an advisory on LockBit noting that “members of the group are actively exploiting existing vulnerabilities in the Fortinet FortiOS and FortiProxy products identified as CVE-2018-13379 in order to gain initial access to specific victim networks.” CybelAngel Data Breach Prevention and Asset Discovery and Monitoring are key digital risk protection tools that can help prevent cyberattacks such as these. CybelAngel also recently published our whitepaper “Zero Visibility: Solving DigitalRisks in Aviation” which covers the major digital risks faced by aviation companies and how to solve them.