The French-based aviation firm, Safran Group, suffered a data breach caused by a misconfiguration of its systems.
The breach made it vulnerable to cyberattacks for around 18 months. Sensitive information was leaked, including the Laravel app key, MySQL credentials, Simple Mail Transfer Protocol credentials, and the JSON Web Token key.
These could have given cyber criminals access to the company’s database, confidential documents, and employee computers. They could also have launched malicious attacks, including web shells or stolen the company’s equipment.
As one of the top aerospace suppliers, with revenues in excess of €19bn, Safran Group’s leak could have impacted not just the company, but also its customers in the aviation sector.
Safran Group has already experienced cyberattacks in the past. In 2011, cyber criminals attempted to map the company’s computer system between 2009 and 2010, and in 2018, there was another attempt on the company’s internal network.
Hackers believed to be linked to a state security ministry in China were suspected of collaborating with six hackers and two insiders at the Chinese office to steal jet engine blueprints.
The aviation industry is a prime target for cybercriminals because of its critical infrastructure. The industry has already experienced disruptions this year, such as when an alert system responsible for notifying pilots and airlines of potential dangers experienced a glitch that resulted in the temporary suspension of domestic flights throughout the US.
In February, Scandinavian Airlines suffered a cyberattack that knocked its website and mobile app offline for multiple hours. Anonymous Sudan claimed responsibility for this attack.
Cybernews has urged Safran Group to change leaked credentials and increase security measures.
It is essential that the keys used are in longer bit-lengths and encoded using secure encryption or hashing algorithms. The company should consider whether its platform needs to be accessible through the internet or only through a VPN, which would provide an additional layer of security.
Due to Safran Group’s position in the aviation supply chain, with only one hop between the company and the aircraft builders that use its products, a supply-chain attack could have a far-reaching impact, posing a risk to the company and its customers in the aviation sector.
