Case Study

Severe Cyber Attack Thwarted in a Major Airline: Crew Management and Passenger Safety Data Safeguarded

Ensuring the security of an aviation company by addressing a critical stealer malware infection.

The customer

A leading Asian aviation company

Industry

Aviation

Geography

Asia

CloudSEK Product

XVigil

Attack vector

Stealer Malware

Use Case

Leakage of credentials and sensitive information from personal computers through stealer malware.

Challenge: 

CloudSEK XVigil discovered that stealer malware had compromised multiple systems belonging to a major Indian aviation company. The malware exfiltrated credentials saved in the browsers on the personal computers of various employees, including Captains, First Officers, and Lead Cabin Attendants. These credentials subsequently surfaced on unauthorized platforms, confirming a significant security breach.

Impact: 

Compromised credentials can be used by threat actors to gain access to an organization's internal network and manipulate what they find there. For the airline, the leaked credentials could have given threat actors access to highly sensitive data and systems, including captain pairings and schedules, the crew management portal, and employee details.

This could have caused operational disruption and put aircraft and passenger safety at risk.

Solution: 

CloudSEK XVigil Data Leak Monitor detected the leaked credentials and the stealer infection behind them, so the compromised systems could be contained and secured before further damage was done.

Implementation:

  1. Detection:
    • CloudSEK XVigil discovered exfiltrated credentials from employees' personal computers on unauthorized platforms.
    • The compromised credentials included those of Captains, First Officers, and Lead Cabin Attendants.
  2. Threat Analysis:
    • XVigil identified the malware as stealer malware, which had compromised critical endpoints of the aviation company.
    • The analysis revealed the potential use of stolen credentials for lateral movement, data exfiltration, and persistent access by threat actors.
  3. Immediate Actions:
    • The airline's infosec team isolated the compromised computers to prevent further spread of the malware.
    • A thorough review of access logs was conducted to identify any potential data exfiltration or manipulation.
    • A Root Cause Analysis (RCA) was performed to determine the origin of the infection and implement preventive measures.
  4. Preventive Measures:
    • Employees were educated on avoiding untrusted links, email attachments, and unverified executable files.
    • A strong password policy was enforced, with periodic password changes. (Passwords found in a stealer dump need to be reset immediately, regardless of any rotation schedule, and because stealers typically capture browser session cookies along with saved passwords, active sessions on the affected portals should be revoked as well; a password change alone does not invalidate a session that has already been stolen.)
    • Employees were discouraged from saving passwords in web browsers; on managed devices this can be enforced through browser policy rather than left to individual discretion.
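The triage flow in steps 1 to 3, as an added example that is not part of CloudSEK's or the airline's tooling: it parses a stealer-log-style credential dump (the URL/USER/PASS block format used by several commodity stealer families; assumed here), keeps the entries whose URL host belongs to the corporate domains, builds the list of accounts that need a forced reset, and runs the portal access log against those accounts to flag activity from IP addresses outside the known office and VPN egress. Every domain, account name, IP address and log line below is constructed for the example; example-air.test, the allowlisted egress set and the review window are assumptions.

```python
"""Triage a stealer credential dump against portal access logs.

Added example; not CloudSEK's or the airline's code. All inputs are constructed.
"""
import re
from datetime import datetime, timezone
from urllib.parse import urlparse

# Constructed sample in the URL/USER/PASS block format that several commodity
# stealers write (assumption: the dump found on the leak platform looks like this).
STEALER_DUMP = """\
URL: https://crew.example-air.test/login
USER: capt.sharma
PASS: Winter2023!
===============
URL: https://mail.example-air.test/owa/
USER: fo.patel@example-air.test
PASS: hunter2
===============
URL: https://www.netflix.com/login
USER: someone@gmail.com
PASS: personalpw
===============
URL: https://schedule.example-air.test/pairing
USER: capt.sharma
PASS: Winter2023!
"""

CORPORATE_DOMAINS = ("example-air.test",)  # assumption: the airline's domains

# Constructed portal access log: timestamp host user source_ip action [detail]
ACCESS_LOG = """\
2024-03-01T08:00:12Z crew.example-air.test capt.sharma 203.0.113.10 LOGIN_OK
2024-03-02T23:41:05Z crew.example-air.test capt.sharma 198.51.100.77 LOGIN_OK
2024-03-02T23:43:19Z schedule.example-air.test capt.sharma 198.51.100.77 DOWNLOAD pairing_march.csv
2024-03-03T07:15:00Z crew.example-air.test lca.rao 203.0.113.22 LOGIN_OK
"""

KNOWN_EGRESS = {"203.0.113.10", "203.0.113.22"}          # assumption: office/VPN egress
REVIEW_FROM = datetime(2024, 2, 15, tzinfo=timezone.utc)  # assumption: review window start


def parse_stealer_dump(text):
    """Split the dump on '====' separator lines and read each block's key: value fields."""
    entries = []
    for block in re.split(r"^=+\s*$", text, flags=re.M):
        fields = {}
        for line in block.strip().splitlines():
            key, sep, value = line.partition(":")  # first ':' only, so URLs survive
            if sep:
                fields[key.strip().lower()] = value.strip()
        if {"url", "user", "pass"} <= fields.keys():
            entries.append(fields)
    return entries


def corporate_credentials(entries, domains):
    """Keep only entries whose URL host is a corporate domain or a subdomain of one."""
    hits = set()
    for e in entries:
        host = (urlparse(e["url"]).hostname or "").lower()
        if any(host == d or host.endswith("." + d) for d in domains):
            hits.add((host, e["user"]))
    return sorted(hits)


def account_names(creds):
    """Normalise leaked identities (bare user or e-mail form) to account names for the reset list."""
    return {user.split("@")[0].lower() for _host, user in creds}


def parse_access_log(text):
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, user, ip, action, *rest = line.split()
        events.append({
            "ts": datetime.fromisoformat(ts.replace("Z", "+00:00")),
            "host": host, "user": user.lower(), "ip": ip,
            "action": action, "detail": " ".join(rest),
        })
    return events


def suspicious_activity(events, compromised, known_egress, since):
    """Activity by a compromised account from an IP outside known egress, inside the window.
    The window deliberately starts before the dump was spotted: the infection is older."""
    return [e for e in events
            if e["user"] in compromised
            and e["ip"] not in known_egress
            and e["ts"] >= since]


def triage(dump=STEALER_DUMP, log=ACCESS_LOG):
    creds = corporate_credentials(parse_stealer_dump(dump), CORPORATE_DOMAINS)
    compromised = account_names(creds)
    flagged = suspicious_activity(parse_access_log(log), compromised, KNOWN_EGRESS, REVIEW_FROM)
    return {"reset": sorted(compromised), "flagged": flagged}


if __name__ == "__main__":
    result = triage()
    print("Force reset and session revocation for:", ", ".join(result["reset"]))
    for e in result["flagged"]:
        print(f"REVIEW {e['ts'].isoformat()} {e['user']} from {e['ip']} {e['action']} {e['detail']}")
```

Run it directly to print the reset list and the events that need analyst review. The personal Netflix entry is dropped because its host is not a corporate domain, while the two hits on capt.sharma from 198.51.100.77, including the pairing-file download, are flagged because that address is outside the allowlisted egress. In a real engagement the allowlist and lookback window come from the network team, and the window should start well before the day the credentials appeared on the leak platform.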