THE CLIENT: Airline
In 2017, this Major Airline recorded revenues amounting
to nearly $2.3 billion. The Airline carries about 20 million
passengers a year, and operates flights to about 69
destinations around the world and 29 international routes.
Fighting online fraud is a constant challenge for the aviation
industry. The Airline had fraud prevention technology in
place and was experiencing fraud rates consistently below
the aviation industry norm. However, the company wanted
to take its programme to a higher level. Continued growth in
online bookings and the ever-evolving nature of card-notpresent
fraud demanded a solution that was more scalable
and customisable. The goal was to reduce fraud-related
losses and make anti-fraud resources more productive,
while continuing to deliver a high standard of Customer
In early 2017, the Airline noticed unusual activity in their
systems and contacted law enforcement and cybersecurity
experts Cyber Intelligence House (CIH) to detect, monitor, report and counter
cyber-attacks in real time.
After conducting a cyber exposure assessment, CIH discovered that:
1) Hackers had obtained access to personal information on
781 past and present employees. This included 81 cases
of sensitive information of key personnel such as senior
management and the Board of Directors.
2) Cybercriminals had hacked into airline user accounts and
bank accounts, and selling millions of dollars worth of
Reward Points on the dark web.
3) Hackers had compromised servers and were spear
phishing and keystroke logging employee
They were skilled in crafting very convincing emails that
appear to have come from bosses or other trusted sources.
One click and the airline employees were transported to a
site where malware was fired into your computer and the
company network to which you are connected. This “driveby”
malware did not require any action by the user to infect
the machine-it was completely automatic once they landed
on the hackers’ page.
4. Leaked source code of internal company application. The
leak made it theoretically possible for someone with just
a laptop to command the aircraft, infect flight-control
systems with a virus, jeopardise the safety of the flight by
taking control and even take over warning or navigation
The incident proved to the organisation that identity theft
posed a real threat. After analysing an array of solutions
available in the marketplace over 30 days, the Airline
selected CIH because it was the most comprehensive
and continuous monitoring platform in the industry. The
platform was implemented in June 2017, and included:
1. Quick and simple implementation.
CIH's experienced fraud experts were on site
throughout the implementation phase, ensuring a smooth
process of internal and external vulnerability scans and
management. CIH also worked with the Airline’s fraud
managers to review and fine-tune the airline’s security
policies and security architecture. This included personnel
security, access controls, security awareness training
programs and an analysis of risks related to partners (such
as software-as-a-service outsourcers, cloud services and
any other services that can affect sensitive and proprietary
The process only took two days – a fraction of the time
compared to other software implementations – and
involved two Airline employees on a part-time basis.
2. Awareness training and spear phishing testing for staff.
CIH leverages intelligence gathered from its machine
learning engine to identify high-risk individuals within an
organsation. Once identified, CIH put in place tools to
periodically and automatically train and test the security
awareness of these employees with simulated spear
3. New endpoint protection.
Unpatched software was patched. Good patching rules
were put in place.