American Airlines, the major US airline, appears to be yet another victim of the MOVEit vulnerability. Specifically, the Cl0p ransomware gang claims a successful attack on the company. The post on their Darknet leak site does not disclose much, but the company is most likely already in negotiations with the hackers.
What is American Airlines?
Among the many airlines in the US, American Airlines is a bit special. Not only is the company one of the oldest airlines, at 97 years old, but it is also the biggest company in its sector (by passenger flow). As a member of multiple airline alliances, it provides both regional and international (including trans-Atlantic) flights. Attacking such a large company is no joke; whoever does it is either exceptionally brave and confident, or extraordinarily reckless.
American Airlines Hacked by Cl0p
Over the last month, Cl0p has gotten more attention than it has ever had before. This is entirely due to its extensive, and successful, use of the MOVEit MFT vulnerabilities. The managed file transfer suite turned out to be vulnerable to multiple exploitation scenarios, which allowed for both initial access and lateral movement. We published a series of articles on this topic; consider checking them out if you missed that mess.
But back to Cl0p’s attack on American Airlines. Their attacks are no joke: each one is typically accompanied not only by ransomware deployment but also by extensive data exfiltration. The gang takes whatever it finds, and in the case of American Airlines, the list of possible data categories is huge. What’s worse, the company holds a lot of records about its passengers, which is natural for any organisation that deals with such a large client flow. Just as natural, though, is the hackers’ interest in getting their hands on this data.
Still, it’s too early for any worries and privacy concerns. It is unclear whether the company plans to pay the ransom or ignore the demands. Only in the latter case will Cl0p publish the data or offer it for sale, on their leak site or elsewhere. The company, however, has reported a breach through a third party, specifically the Pilot Credentials app. That incident is unlikely to be related, as Cl0p did not list the other Pilot Credentials victim, Southwest Airlines. Moreover, the app’s own website is not present on the leak site either. All this points to the conclusion that we are watching a new breach.
How dangerous can this hack be?
Well, as I said, Cl0p is not a group that plays games. Their hack most likely touches internal company information, including information on its staff and financial situation. The latter may be exceptionally sensitive, as the company had some serious financial struggles during the pandemic. Uncovering them may not be very pleasant for the company, and neither would exposing the ways they overcame those problems.
Another side of the problem, and actually a more sensitive one, concerns the possibility of a customer data leak. This brings not only problems for people who fly with American Airlines but also the possibility of legal consequences for the company. It gets even worse when we remember that hackers usually put an incredibly high price tag on keeping really important data secret. That number may sometimes even exceed the ransom demanded for file decryption.
Still, those are just my guesses. Like anyone interested in cybersecurity, I will keep an eye on newsletters, the company’s public statements and Cl0p’s Darknet site. It’s almost certain that all the details will appear in a week or two.
So if your account was hacked at American and you had 1.1 million miles stolen from your account, American couldn’t care less. I want my miles back; what is the recourse here?