About that San Francisco Airport breach

Last week we covered security for travel by sea; this week we take a look at the sky.  Air travel is not as prominent right now as it usually is, but don't expect that to deter cyber criminals.  Airports remain a massive trove of personal information, and hackers are exploiting the COVID chaos to their advantage.  Two websites owned by San Francisco International Airport were targeted in March.  The intruders' goal appears to have been employee credentials, harvested by malicious code injected into the websites themselves.  Those credentials would then serve as a launching pad to reach network accounts and the airport's online services through employee laptops and devices.

Approximately 8,000 credentials associated with one of the sites were found on the Dark Web.  Fortunately, the airport reset the credentials of every potentially compromised account as a precaution.  This was a necessary step: employees tend to reuse the same credentials elsewhere on a company network, so a single stolen password could have left them wide open to a second breach.  The malicious code has also been removed from the site, which should block any further access by the intruders through that route.

The most recent reports claim that the culprits in this case were state-backed Russian hackers, a group known as Energetic Bear (it's always a bear, isn't it).  According to ESET, the attackers were after "the visitor's own Windows credentials," which would indeed let them move laterally across the airport's network, whether for espionage or sabotage.

Naturally, most of the airport's staff are now working remotely along with the rest of us, reportedly over the company's Virtual Private Network (VPN).  This is one of the steps we recommended in a recent post on cybersecurity during COVID-19.  The question of access from a distant location is as crucial for airport employees as for anyone, and a VPN can frustrate unauthorized attempts to reach sensitive information.  If state-backed hackers are going to ramp up their activity in the aviation space during this extra risky time, people will need to be on heightened alert if they aren't already.
By: Jonathan Weicher, post on April 15, 2020
Originally published at:
Copyright: NetLib Security