Modernizing Authentication — What It Takes to Transform Secure Access
The site's home page was briefly replaced with an image of a lizard smoking a pipe and the statement, "404 - Plane Not Found. Hacked by Lizard Squad - Official Cyber Caliphate."
No reason was given for the attack, indicating that it may simply have been a target of opportunity.
In a statement on its Facebook page, the airline said, "Malaysia Airlines confirms that its Domain Name System (DNS) has been compromised where users are re-directed to a hacker website when www.malaysiaairlines.com URL is keyed in. At this stage, Malaysia Airlines’ web servers are intact. The airline has resolved the issue with its service provider and the system is expected to be fully recovered within 22 hours. The matter has also been immediately reported to CyberSecurity Malaysia and the Ministry of Transport."
"Malaysia Airlines assures customers and clients that its website was not hacked and this temporary glitch does not affect their bookings and that user data remains secured," the airline added.
In response, Lizard Squad tweeted an image of what appears to be an email inbox containing several passengers' booking information, followed soon after by the statement, "We would like to point out that @MAS is lying about user data not being compromised."
Trey Ford, global security strategist at Rapid7, told eSecurity Planet by email that while the apparent breach caps off a terrible year for Malaysia Airlines, it's reasonable at this point to assume that the airline is telling the truth and that no data was stolen.
"A quick review of the timeline seems to validate Malaysia Airlines’ statement that DNS was compromised," Ford said. "The Airline’s security response team would be able to piece together a timeline of events rather quickly; the investigation path on something like this is fairly straightforward, albeit reliant on third party participation from the Domain Registrar, a DNS provider or others."
"I have no hesitation in believing the systems managed by the airline were not impacted or undermined in the course of this event," Ford added.
As a result, Ford said the attack is likely little more than a nuisance from an operational perspective. "This strikes me as an attack of opportunity more than a focused compromise," he said. "Due to the simple 'defacement page,' overt announcement of the compromise, and lack of additional malice, I believe this was more a press stunt or redirection on the part of the attackers claiming to be Lizard Squad."
Photo courtesy of Shutterstock.