In a significant cybersecurity incident, Boeing, the renowned aerospace company, has been targeted by the LockBit ransomware group. The attack, which was first made public on October 27, escalated on November 10 when LockBit leaked over 43GB of Boeing’s data, including backup files and IT management information. The ransomware group, known for its prolific cybercrimes since January 2020, issued a ransom demand that Boeing has not complied with, leading to this data release.
Escalation of the Cyberattack
The situation began when LockBit listed Boeing as a victim on its website and set a deadline of November 2 for ransom payment. Boeing was temporarily removed from the list, which indicated possible negotiations, but was then reinstated on the site, and the ransomware group followed through on its threat by leaking the data. Reports from Bleeping Computer suggest that the leaked files contain critical configuration and auditing data. This breach has caused Boeing’s services website to shut down, displaying a notice about the cyber incident.
The Impact and Scope of the Breach
The attack primarily impacted Boeing’s parts and distribution business. However, the company has given assurances that aircraft safety remains uncompromised. The MalwareHunterTeam, a research group, highlighted that many files relate to Aviall, a Boeing subsidiary, raising concerns about the extent of network integration and the potential scope of the breach. The leaked data, mainly consisting of backup files, is being scrutinized to understand the full extent of the cyberattack.
The Underlying Vulnerabilities
Speculation suggests that the ‘Citrix Bleed’ attack, which exploits a vulnerability (CVE-2023-4966) in Citrix NetScaler ADC/Gateway appliances, might have been the entry point for the cybercriminals. This vulnerability, addressed by Citrix in October, allows attackers to bypass multifactor authentication and hijack authenticated sessions. Experts from Mandiant noted that the vulnerability has been exploited since late August, raising concerns about session data stolen before the patch was deployed.
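To make the concern about sessions stolen before patching concrete, here is an added defensive example (not from the original article, and not code from Citrix, Mandiant or Boeing) that reviews gateway session records for two signals: a session used from a different address than the one that logged in, and a session created before the patch that is still in use afterwards. The log format, session names, addresses and patch time are constructed assumptions, not a real NetScaler format.

```python
import csv
import io
from datetime import datetime

# Constructed sample records (not a real NetScaler log format):
# time, session id, user, source IP, event
SAMPLE_LOG = """\
2023-10-09T08:00:00,sess-a1,alice,198.51.100.10,LOGIN
2023-10-09T08:05:00,sess-a1,alice,198.51.100.10,REQUEST
2023-10-09T09:00:00,sess-b2,bob,198.51.100.20,LOGIN
2023-10-11T02:13:00,sess-b2,bob,203.0.113.77,REQUEST
2023-10-11T07:00:00,sess-c3,carol,198.51.100.30,LOGIN
2023-10-11T07:01:00,sess-c3,carol,198.51.100.30,REQUEST
"""

# Assumed time at which the fixed build was installed on the appliance.
PATCHED_AT = datetime(2023, 10, 10, 12, 0, 0)


def review_sessions(log_text, patched_at):
    """Return (moved, stale): sessions used from a new IP, and
    pre-patch sessions still in use after the patch."""
    origin = {}  # session id -> (login time, login IP)
    moved, stale = set(), set()
    for ts, sid, _user, ip, event in csv.reader(io.StringIO(log_text)):
        when = datetime.fromisoformat(ts)
        if event == "LOGIN":
            origin[sid] = (when, ip)
            continue
        if sid not in origin:
            # Token seen without a recorded login: treat as moved.
            moved.add(sid)
            continue
        login_time, login_ip = origin[sid]
        if ip != login_ip:
            moved.add(sid)
        # A session that predates the patch may have been captured
        # earlier; it should be invalidated rather than trusted.
        if login_time < patched_at <= when:
            stale.add(sid)
    return sorted(moved), sorted(stale)


if __name__ == "__main__":
    moved, stale = review_sessions(SAMPLE_LOG, PATCHED_AT)
    print("used from a different IP than login:", moved)
    print("created before patch, used after:", stale)
```

An address change alone can be benign (roaming clients), so the first list is a lead for review, while the second list identifies sessions to terminate after patching.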
The Global Threat of LockBit
LockBit’s activities have resulted in about 1,700 attacks in the U.S. alone, with victims including ICBC, Taiwan Semiconductor Manufacturing Company, and Indigo Books and Music. The FBI reports that these attacks have led to approximately $91 million in ransoms paid to the gang. This incident with Boeing underscores the group’s focus on high-profile targets and the growing menace of ransomware in global cybersecurity.
As Boeing continues its investigation in coordination with law enforcement and regulatory authorities, the cybersecurity community is closely monitoring the ramifications of this breach. This event not only highlights the persistent threat posed by sophisticated cybercriminal groups like LockBit but also underscores the need for robust cybersecurity measures in protecting sensitive data and infrastructure. With ransomware attacks becoming increasingly audacious, the incident serves as a stark reminder of the vulnerability of even the most established companies in the face of evolving cyber threats.