BA admits through a memo that their cyber security system has been compromised.
With every passing day, it is becoming more evident that even the largest companies in the world are struggling to keep up with advancements in techniques used by hackers.
Unfortunately, the difficult position that BA finds itself in now has no easy solution. A leaked memo released by The Register shows management at BA were already considering outsourcing their security operations to a third party, suggesting that they felt their internal capabilities were no longer sufficient.
Over the last few years, offensive capabilities used by criminals have matured at a rate that far outpaces the development of internal capabilities used for detecting and preventing attacks.
Although the details of how customer credit card information was compromised have not yet been publicly disclosed, we believe that BA hackers were most likely able to gain access by exploiting vulnerabilities within BA’s website and mobile booking systems.
There are many ways the BA hack could have taken place:
- A web platform vulnerability could have been used to gain remote code execution on the server, as was seen recently with Apache Struts in the case of Equifax;
- A web application attack like SQL injection could have been used to extract transactions from the backend database, as was seen recently with TalkTalk;
- The internal code repository may have been compromised via a developer account as a result of phishing.
A BA case study released by Microsoft last year also inadvertently leaked information about certain elements of their internal mobile system architecture, pointing out the use of legacy Oracle systems that are likely to be unpatched or even out of support. BA is not unique in these deficiencies and we continue to see similar systems and platforms belonging to companies of all sizes falling victim to hacking attacks. The integrity of any system or platforms that’s currently considered to be secure is constantly being challenged and it’s only a matter of time until a vulnerability is discovered.
It’s exactly for this reason that we take a holistic approach to securing our customer networks. As well as monitoring the behaviour of the underlying network traffic, out team of trained penetration testers and analysts continuously review internal systems for potential vulnerabilities and weaknesses and implementing compensating controls until the system is fixed or patched.
If you would like to have a discussion on how you can protect yourself, please do contact me.