Reports are emerging that hackers are selling access to Pakistan International Airlines’ network after a group of researchers discovered a marketplace listing offering access to the airline’s system for a price.
Researchers working for the Israel-based intelligence firm KELA said they discovered a listing on the dark web selling access to Pakistan International Airlines’ network, stating that admin access was on offer for around $4,000.
The researchers have reportedly been monitoring that same threat actor’s movements online and say that the actor has supplied access to more than 38 different buyers and has profited around $118,700 from selling access to compromised sites.
KELA says that the listings selling access to Pakistan International Airlines’ network appeared on a number of Russian-speaking forums, as well as one English-language forum that the researchers were monitoring for potential fraudulent activities.
A spokesperson for KELA has told Infosecurity Magazine that “we’ve been tracking a threat actor that just last week published domain access for sale to Pakistan International Airlines’ network.”
The researchers fear that sales of administrator access for the airline’s network could be a catalyst for ransomware campaigns and other forms of cyber attacks being launched against both Pakistan International Airlines and customers that have flown with the airline in the past few years.
“Most of the time we’re seeing cyber-criminals purchase these initial accesses to gain an initial foothold into the victim’s network, from which they can then perform lateral movement to advance their access privileges and potentially employ ransomware or some other type of attack.”
Researchers at KELA have confirmed that aside from administrator access being sold on the marketplaces, cybercriminals were also selling “all the databases that exist in the airline’s network,” according to a report.
Vendors have published samples of the databases, according to KELA, which says that they contain “all people’s information who use Pakistan Airline including name, last name, phone number, passport.”
“The actor mentions that what he is selling includes around 15 databases all with different amounts of records – some around 500k records and some around 60-50k records – but that all records stored in their network are included.”
Researchers at KELA say that “what’s interesting is that this actor takes two different approaches to try and monetize,” suggesting that the hackers in question are looking for every possible avenue to profit from their compromise of PIA’s network. They also warned that “we know he has more accesses that he offers in private,” meaning that there are potential back-ends into reputable organisations that are yet to be revealed.