Context
On May 25, 2022, multiple flights in India were grounded for several hours after the airline confirmed a ransomware attack on their internal systems that also disrupted their website functionality. On May 26, 2022, a small airline cancelled all flights leaving Gatwick in the United Kingdom from 1 to 3 p.m. BST due to an unspecified technical issue in their IT systems.
Analysis
It should be noted that there is currently no cause to suspect the two incidents are connected, especially in light of the lack of detail on either incident at present. As of this writing, there is currently no public information on:
- The nature of technical issues experienced by the small airline in the UK
- Technical details or attribution of the ransomware infecting the Indian airline
- Any ongoing investigations or mitigation efforts by the Indian airline
Maintaining effective operations amid constantly evolving system needs and cyber threat landscapes was already a difficult task prior to COVID-19. After the start of the pandemic, supply chain issues, travel restrictions, staffing issues, and rapidly changing cyber needs challenged all global organizations, hitting airlines especially hard. As a result, the task of maintaining operations and defending networks is increasingly difficult and critical. Consequences for cybersecurity and IT operations failure pose risks to many facets of business operations.
The interruptions at both airlines were significant in both monetary and reputational aspects. Service interruptions at both airlines caused significant public dissatisfaction among customers and resulted in negative press for the affected organizations.
These impacts demonstrate the criticality of IT system resilience through best practices such as response plans, business continuity plans, and backup operations. While cyberattacks and IT system failures cannot be entirely prevented, increasing system resilience by ensuring adequate backups for critical functions and clear actionable incident response playbooks can deter a majority of attacks and allow for swift mitigation of the most severe effects in the event of an attack. Business continuity plans can be a critical life saver for organizations to rapidly adapt posture and continue critical functions while responders work to restore system operations to normal after an incident.
RH-ISAC will continue to monitor the separate situations and will provide updates with any new details that emerge.
