Boeing, a major aircraft manufacturer and aerospace & defence contractor in the US, has confirmed the ransomware attack. A week before, on October 27, it was listed by LockBit ransomware on their Darknet site. Now, Reuters agency has confirmed that the incident was real.
Boeing Hacked by LockBit
On October 27, 2023, LockBit cybercrime group added a record of the Boeing company on their Darknet website. Hackers use this page to claim the successful attacks; they keep the listings until the victim pays the ransom. Further, if the bill is not paid off, hackers publish the leaked data or negotiate its re-selling to a third party.
This model though has a couple of features to talk about. There were enough cases when LockBit was listing the company they have never actually hacked into, and instead hacked one of the subsidiaries or contractors. Once researchers noticed the Boeing company listed on the Darknet leak site, they were hoping that this is exactly what happened. But, as it turned out, things are less optimistic.
A couple of days later, Boeing’s listing disappeared from the negotiation website. Soon after, VX-Underground researchers got confirmation from LockBit representatives that they began negotiations with the company. And in several days on, Boeing themselves claimed about the “cyber incident”. This is a doubtless confirmation that the company itself was the target.
Boeing Confirms Ransomware Attack
On Wednesday, November 1, 2023, the Boeing company officially claimed the investigation of a cyberattack that touched several of its divisions. The company particularly names distribution and parts businesses being main points of impact. From the other side, LockBit claims to possess a huge amount of sensitive data stolen from the hacked network.
Well, there is a silver lining – Boeing says there’s no threat to flight security. Other things are less promising, especially considering Boeing’s massive contracts with the US military. Uncle Sam will not be happy to see blueprints and documents to the military equipment and weapons leaked. This becomes especially sour once we remember about possible relations of the LockBit gang to Russia.
Either way, the leak of such information would be a disaster, so it is clear why the company agreed upon paying the ransom. Actually, they did not claim it, but the deadline for the payment was on November 2, and the listing on the LockBit Darknet site did not reappear. And for sure, these hackers are not those who would kick the can and delay the publication of such a leak.
What then?
Over the last few months, Boeing hack has become one of a few hacked companies. A lot of ransomware groups switched to attacks on educational orgs, and keep going in this streamline so far. The Boeing hack should become a cold shower for companies who may have thought that they are not in the reticle anymore, and there’s no need to enhance their cybersecurity.
Passive protection measures like network monitors and security solutions are helpful, that is out of the doubt. But keep in mind that preventing the most common attack vectors is what can provide the best security. Cybersecurity training for personnel, network architecture that excludes most common entry points, latest security patches implementation – all this will save money, image and time.