The Canadian aircraft manufacturer Bombardier has suffered a security breach in which threat actors stole some of its data and published it on a darknet site. The cyberattack has reportedly been attributed to the Clop ransomware gang, which specializes in breaches of organizations.
The Investigation
According to Bombardier, the organization launched an investigation to look into the matter as soon as the security breach was detected. A procedure was laid out in tandem with cybersecurity procedures and policies to handle the incident through an organized forensic process.
Essentially, the investigation drew on existing networks of professionals, who confirmed the incident and acknowledged the effectiveness of Bombardier’s security controls in limiting the scope and extent of the threat.
The airplane manufacturer went on to report the matter to the authorities, including law enforcement, in an effort to ensure appropriate damage control and containment of the incident.
The Findings
The investigation revealed that personal and other forms of sensitive information belonging to employees, clients, and suppliers were affected. Information relating to more than 130 employees based in Costa Rica was compromised.
Since the start of the investigation, Bombardier has been hard at work to reestablish normalcy. Much of its effort has gone to communication – it has been contacting clients and relevant stakeholders whose data was potentially affected.
Further, the investigators discovered that the cyber-attack was limited to the sets of data kept on specific servers. Data belonging to the organization’s manufacturing and customer support departments remained intact.
Initial investigations showed that threat actors succeeded in gaining unauthorized access to the target data by taking advantage of a vulnerability in a third-party file-transfer application used by several entities.
A press statement by Bombardier intimated that the application was operating on purpose-built servers that existed beyond the organization’s main IT network. Although Bombardier did not name the particular application, experts believe that it is referring to Accellion FTA – a web server that organizations can use to host and share massive quantities of files that cannot be transferred via email to internal actors and customers.
Notably, Bombardier asserted that it was not specifically targeted in the incident – rather, the event compromised various other organizations linked to the same application.
The company provided an assurance that its team of experts will continue investigating to assess the situation and will update all potentially affected parties – its clients, customers, suppliers, and relevant stakeholders.
A Worrying Trend
A spate of cyber events has been witnessed over the past few years, with pundits pointing out that manufacturers have faced a majority of the attacks.
According to a 2021 threat intelligence index by IBM, manufacturing came second in the list of industry categories that faced threats. It turns out that the manufacturing industry moved from the eighth position in the year 2019 to become second the following year.
According to analysts, the drastic move may be attributed to newfound threat actor interest in targeting infrastructural establishments with links to operational technology. The same jump was witnessed in the energy sector, with the industry rising from position nine in 2019 to third in 2020.
The two observations highlighted the threat actors’ keen interest in targeting operational technology-connected companies in 2020.
In the same year, a hacking group is reported to have encountered a zero-day vulnerability in the FTA software and to have begun breaching companies across the world. The hackers are said to have taken over entire organizational systems, installed a web shell, and then stolen sensitive data belonging to customers and employees.