San Francisco International Airport victim of cyber-attack
The hack of employee web sites belonging to the San Francisco International Airport has been attributed to a Russian hacker group who used the SMB protocol to steal Windows passwords.
Last week BleepingComputer broke the story that the San Francisco International Airport (SFO) experienced a cyberattack in March 2020 whose goal was to steal the Windows logins for employees of the airport.
At the time, it was not known precisely how this was being done, but new information posted on Twitter by cybersecurity firm ESET sheds some light on the attack and how it was used to target Windows logins. SFO is also a major gateway to Europe and Asia with flights to over 50 international cities via 45 international carriers.
Attackers injected malicious code to steal credentials – “SFOConnect.com and SFOConstruction.com were the targets of a cyberattack in March 2020,” the memo reads.
“The attackers inserted malicious computer code on these websites to steal some users’ login credentials.” “Users possibly impacted by this attack include those accessing these websites from outside the airport network through Internet Explorer on a Windows-based personal device or a device not maintained by SFO.”
After investigating the incident, SFO discovered that the attackers might have gained access to the affected users’ usernames and passwords. SFO removed the malicious code injected within the two compromised websites and took them offline after discovering the attack.
“The airport also forced a reset of all SFO related email and network passwords on Monday, March 23, 2020,” the data breach alert adds
Reference:
https://www.bleepingcomputer.com/news/security/covid-19-testing-center-hit-by-cyberattack/
Contact Us
Learn more about what Techcess CyberSecurity Group can do for your business.
1-833-TXCYBER
1-833-892-9237
Techcess CyberSecurity Group
6110 Clarkson Lane
Houston, Texas 77055
Techcess CyberSecurity Group
Houston, Texas 77055