SITA, an IT systems vendor for 90% of the global aviation industry, has been used as an instrument for a sophisticated international supply chain attack.
Like all supply chain attacks, the impact of this breach is likely to be proportional to the compromised vendor’s partner network, which isn’t good news for SITA.
SITA’s client base of over 400 airlines includes prestigious names like Qantas Airways, Qatar Airways, Pacific Airlines, American Airlines, NASA, Japan Airlines, United Airways, Emirates, and British Airways, to name just a few.
Potential victims are currently assessing their systems for evidence of compromise, but Singapore Airlines has already announced that around 580,000 of its customers have been impacted by this breach.
That’s over half a million customers impacted through a single partner, and SITA has over 400 of them.
SITA said in its statement that the breached data was located on U.S. servers and that the data involved passenger information.
“SITA confirms that it was the victim of a cyber-attack, leading to a data security incident involving certain passenger data that was stored on SITA Passenger Service System (US) Inc. servers. Passenger Service System (US) Inc. (“SITA PSS”) operates passenger processing systems for airlines,” SITA said in its statement.
Supply chain attacks of this magnitude are not easy.
First, malicious code needs to be injected into a heavily guarded ecosystem. Then, the code needs to hide behind legitimate processes to prevent detection. Finally, a backdoor needs to be established to clandestinely exfiltrate all sensitive data.
To motivate such a highly complex operation, the bounty needs to be valuable, and in SITA’s case, it definitely was.
The SITA Passenger Service System (PSS) stores highly sensitive customer information, including names, addresses, and passport data.
Because the SITA PSS ensures each airline can recognize the frequent flyer benefits of other airlines, the database was also storing alliance member data in addition to its customer data.
This attack further injures an industry already heavily wounded by Covid-19.
Global flight frequency was down 43% YoY in January 2021, and this trend is unlikely to reverse sharply anytime soon. Continuous mutations in the Covid-19 strain make the road to recovery long and its horizons misty.
Businesses currently experiencing a downturn are focused on survival and not cybersecurity. Cybercriminals know this and intentionally target such businesses while their backs are turned.
Every industry, especially those experiencing a downturn, needs to start monitoring its vendor network for security vulnerabilities that could be exploited in a supply chain attack.