Analysis
Attacks and Vulnerabilities
Industrial Cyber Attacks
News
Transportation

Bombardier suffers cybersecurity attack in isolated IT network

February 25, 2021
Bombardier

Jet-maker Bombardier confirmed on Wednesday that it had been a victim of a cybersecurity breach on what it described as purpose-built servers, which were isolated from the main Bombardier IT network. Forensic analysis revealed that personal and other confidential information relating to employees, customers and suppliers was compromised, with about 130 employees located in Costa Rica impacted, the company said in its statement.

Bombardier, however, described the attack as “limited.” The company said in its statement that it “was not specifically targeted—the vulnerability impacted multiple organizations using the application,” without naming the application.

The ongoing investigation indicates that the unauthorized access was limited solely to data stored on the specific servers, Bombardier said. Manufacturing and customer support operations have not been impacted or interrupted. The Canadian maker also did not  release information on what was specifically targeted, or what vulnerability affected multiple organizations using the software.

“Bombardier will continue to assess the situation and stay in close contact with its clients, suppliers and employees, as well as other stakeholders,” the statement added.

An initial investigation revealed that an unauthorized party accessed and extracted data by exploiting a vulnerability affecting a third-party file-transfer application, according to the company. Bombardier is currently in over 12 countries, including its production/engineering sites and its customer support network.

In line with established cybersecurity procedures and policies, Bombardier initiated its response protocol upon detection of the data security incident. As part of its investigation, Bombardier sought the services of cybersecurity and forensic professionals, who provided external confirmation that the company’s security controls were effective in limiting the scope and extent of the incident.

The attack on Bombardier may be an extension of widespread hacking involving Accellion’s file transfer appliance product, according to reports.

Earlier this week, IT services provider Accellion released details that Mandiant, a division of FireEye Inc., had identified UNC2546 as the criminal hacker behind the cyberattacks and data theft involving Accellion’s File Transfer Appliance product. “Some of the published victim data appears to have been stolen using the DEWMODE web shell,” the statement added. Mandiant is tracking the subsequent extortion activity under a separate threat cluster, UNC2582.

Following the vulnerabilities detected in the Accellion File Transfer Appliance, cybersecurity authorities of Australia, New Zealand, Singapore, the U.K, and the U.S. have released a Joint Cybersecurity Advisory. Global hackers have exploited these loopholes to attack multiple federal and state, local, tribal, and territorial (SLTT) government organizations as well as private industry organizations including those in the medical, legal, telecommunications, finance, and energy sectors.

With the Accellion file transfer application that is used to share files, attackers have from mid-December taken advantage of four vulnerabilities to target FTA customers. In one incident, an attack on an SLTT organization potentially included the breach of confidential organizational data. In some instances observed, the attacker is believed to have extorted money from victim organizations to prevent public release of information exfiltrated from the compromised Accellion appliance.

On Wednesday, IBM Security X-Force released data that found that in 2020 manufacturing organizations were faced with an onslaught of ransomware and other attacks. The manufacturing industry overall was the second most targeted, followed by finance and insurance, having been the eighth most targeted industry in 2019. This is likely to have been driven by the interest that malicious actors have in targeting infrastructure with connections to operational technology (OT).

Likewise, the energy sector jumped from ninth place in 2019 to third place in 2020, further underscoring attackers’ focus on industrial control systems (ICS) incidents and OT-connected organizations last year.

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

MITRE's CREF Navigator aligns with DoD's CMMC to boost cyber resilience in defense industrial base
MITRE’s CREF Navigator aligns with DoD’s CMMC to boost cyber resilience in defense industrial base
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
ASIS Foundation reports on impact of autonomous vehicles on security and technology
ASIS Foundation reports on impact of autonomous vehicles on security and technology
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
RMC
Risk Mitigation Consulting acquires Securicon, boosting cybersecurity and mission assurance offerings
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation
New CGCYBER report warns of cybersecurity risks in marine environment due to network-connected OT systems
New CGCYBER report warns of cybersecurity risks in marine environment due to network-connected OT systems