Use Case: Airline
THE CLIENT: Airline
In 2017, this Major Airline recorded revenues amounting to nearly $2.3 billion. The Airline carries about 20 million passengers a year, and operates flights to about 69 destinations around the world and 29 international routes.
Fighting online fraud is a constant challenge for the aviation industry. The Airline had fraud prevention technology in place and was experiencing fraud rates consistently below the aviation industry norm. However, the company wanted to take its programme to a higher level. Continued growth in online bookings and the ever-evolving nature of card-not-present fraud demanded a solution that was more scalable and customisable. The goal was to reduce fraud-related losses and make anti-fraud resources more productive, while continuing to deliver a high standard of Customer Service.
In early 2017, the Airline noticed unusual activity in their systems and contacted law enforcement and cybersecurity experts Cyber Intelligence House (CIH) to detect, monitor, report and counter cyber-attacks in real time.
After conducting a cyber exposure assessment, CIH discovered that:
1) Hackers had obtained access to personal information on 781 past and present employees. This included 81 cases of sensitive information of key personnel such as senior management and the Board of Directors.
2) Cybercriminals had hacked into airline user accounts and bank accounts, and selling millions of dollars worth of Reward Points on the dark web.
3) Hackers had compromised servers and were spear-phishing and keystroke logging employees. They were skilled in crafting very convincing emails that appeared to have come from bosses or other trusted sources. One click and the airline employees were transported to a site where malware was fired into their computers and the company network they were connected to. This “driveby” malware did not require any action by the user to infect the machine-it was completely automatic once they landed on the hackers’ page.
4. Leaked source code of internal company application. The leak made it theoretically possible for someone with just a laptop to command the aircraft, infect flight-control systems with a virus, jeopardise the safety of the flight by taking control and even take over warning or navigation systems.
The incident proved to the organisation that identity theft posed a real threat. After analysing an array of solutions available in the marketplace over 30 days, the Airline selected CIH because it was the most comprehensive and continuous monitoring platform in the industry. The platform was implemented in June 2017, and included:
1. Quick and simple implementation.
CIH’s experienced fraud experts were on site throughout the implementation phase, ensuring a smooth process of internal and external vulnerability scans and management. CIH also worked with the Airline’s fraud managers to review and fine-tune the airline’s security policies and security architecture. This included personnel security, access controls, security awareness training programs and an analysis of risks related to partners (such as software-as-a-service outsourcers, cloud services and any other services that can affect sensitive and proprietary data. The process only took two days – a fraction of the time compared to other software implementations – and involved two Airline employees on a part-time basis.
2. Awareness training and spear phishing testing for staff.
CIH leverages intelligence gathered from its machine learning engine to identify high-risk individuals within an organisation. Once identified, CIH put in place tools to periodically and automatically train and test the security awareness of these employees with simulated spear-phishing attacks.
3. New endpoint protection.
Unpatched software was patched. Good patching rules were put in place.