AirAsia targeted by Daixin ransomware group, loses valuable customer data
Air Asia was recently attacked by a ransomware group on November 11 and 12. The Daixin Team has claimed responsibility for the attack, and reportedly five million customer records have been exposed. The attack came to light when a security researcher, Soufiane Tahiri, shared the news on Twitter along with a screenshot of a Daixin group listing that was available on the dark web.
Air Asia is one of the largest airlines in Malaysia and a low-cost airline. Its operations span more than 24 countries and cover approx. 165 destinations. In international travel and airline awards, Air Asia has been named the World’s best low-cost carrier for the last 13 years. The recent attack has put the airline in the spotlight because the size of the data leak is vast.
The leaked data shared by the Daixin group shows two spreadsheets. They contain passengers’ personal information, such as name, date of birth and contact details, along with staff information: employees’ residential details, the time when each employee was hired, and the list of secret questions and answers used to secure the accounts.
The hacker group demanded a fee when it shared a sample of the encrypted database with Air Asia. The group claims that it didn’t encrypt any critical files pertaining to flying, to avoid any life-threatening situations. However, the group restricted access for staff and passengers until its demands are met.
The Daixin group was able to infiltrate Air Asia’s network because it was poorly configured, without any policies. The network protection was also very weak, which added to the group’s advantage. As Air Asia has no intention of paying the demanded ransom, the hacker group has decided to publish the stolen data along with the backdoors that can allow other hackers to access the network.
With the data openly available on the dark web and the backdoors left open, other threat actors have a way to infiltrate the airline’s network, which could pose a threat to the airline.