Boeing ‘Cyber Incident’ Comes After Ransomware Gang Threat

Boeing, one of the world’s largest defence and space contractors, has reportedly confirmed it is investigating a ‘cyber incident’.

According to Reuters, Boeing said the cyber incident impacted elements of its parts and distribution business and it is co-operating with a law enforcement investigation.

The reported acknowledgement of a cyber incident at Boeing (there is no press release or SEC filing at the time of writing) comes just days after Russian-linked LockBit, one of the world’s most notorious ransomware gangs, announced it had stolen sensitive data from the aircraft manufacturer.

Boeing incident

LockBit reportedly said last Friday it had stolen “a tremendous amount” of sensitive data from the US aircraft manufacturer, which it would dump online if Boeing didn’t pay ransom by 2 November.

The Lockbit threat was no longer on the gang’s website as of Wednesday, and it didn’t immediately respond to a request for comment, Reuters noted.

Boeing reportedly declined to comment on whether Lockbit was behind the cyber incident it disclosed.

“This issue does not affect flight safety,” a Boeing spokesperson was quoted by Reuters as saying. “We are actively investigating the incident and coordinating with law enforcement and regulatory authorities. We are notifying our customers and suppliers.”

Boeing’s parts and distribution business falls under its Global Services division. It provides material and logistics support to its customers, according to the company’s 2022 annual report.

Some webpages on the company’s official website that had information on the Global Services division were down on Wednesday, with a message that cited technical issues, Reuters reported.

“We expect the site to be back up soon,” the pages said.

LockBit gang

Russia-linked Lockbit is the most active global ransomware group last year based on the number of victims, and it has hit 1,700 US organisations since 2020, according to the US Cybersecurity and Infrastructure Security Agency (CISA).

Most recently it was blamed for a compromise of a British high-security fencing supplier, Zaun Ltd, that apparently compromised data belonging to the UK’s Ministry of Defence (MoD).

LockBit has previously claimed responsibility for the ransomware attack on the Royal Mail earlier this year, and said it would publish stolen data if a ransom was not paid.

The Royal Mail refused to pay the ransom.

Previous LockBit victims also include TSMC, the world’s biggest chipmaker, and healthcare tech company Varian Medical Systems.

Zero-day vulnerability

William Wright, CEO of Scotland-based cybersecurity specialist Closed Door Security, said the Boeing attack looks to be down to a zero-day vulnerability.

“Once again we are seeing a hacking gang announcing a cyberattack well before a company is aware of it. But this is a situation that should be avoided,” said Wright. “When companies suffer attacks, they should have tools to detect intruders on their network, well before the attackers siphon data and publicly shame the business.”

“Based on the information available, it looks like the incident was executed via a zero-day vulnerability,” said Wright. “Which vulnerability remains to be seen, and we also don’t know if other criminal gangs are actively exploiting it as well. The sooner Boeing carries out its forensics into the attack the better. Defenders need to understand which vulnerability was exploited, so they can take steps to protect their systems.”

“The incident is another reminder of the importance of continuous security testing,” said Wright. “Organisations should not only test their assets internally to identify unpatched vulnerabilities and network weaknesses, but product and software vendors must also run assessments via bug bounties and development testing.”

“Once organisations implement these proactive assessments, it puts them in a much better position of identifying weaknesses in their systems, and patching them, before criminals have a chance to exploit them,” Wright concluded.

Boeing response?

Meanwhile Mike Newman, CEO of identity and access management firm My1Login said that attention must be paid to Boeing’s response, considering the US position of not engaging with ransomware criminals.

“Ransomware strikes again, and this time it is one of the world’s biggest aircraft manufacturers facing the consequences,” said Newman. “The timing of the attack is very interesting, especially given that the US has just pledged never to do business with ransomware criminals. It will be very interesting to see how Boeing responds.”

“Details into the attack are still emerging, but it does highlight that no organisation is immune to ransomware. Therefore, defences are the key goal,” said Newman. “This means keeping systems up to date with patches against vulnerabilities and using tools to protect staff against phishing, which is the number one attack vector for ransomware criminals.”

“This can be achieved using a modern workforce identity management solution that provides Single Sign-On and enterprise password management, enabling passwords to be used where applications rely on them, but have them hidden from the workforce so they can’t be stolen or disclosed in phishing scams as the workforce never see, know or manage their passwords,” said Newman.