Malaysia Airlines Site Back Up as Hackers Threaten Data Dump

Troubled carrier Malaysia Airlines confirmed on Monday that hackers compromised its DNS records to redirect its visitors to a page apparently owned by Lizard Squad.

The airline said its web servers are still intact, adding:

“The airline has resolved the issue with its service provider and the system is expected to be fully recovered within 22 hours.

The matter has also been immediately reported to CyberSecurity Malaysia and the Ministry of Transport.

Malaysia Airlines assures customers and clients that its website was not hacked and this temporary glitch does not affect their bookings and that user data remains secured.”

Hacking group Lizard Squad appears to be claiming responsibility for the attack, which redirected visitors to a page with its logo and the words “404 – Plane Not Found” and “Official Cyber Caliphate.”

The group, which was pegged for the high-profile DDoS attacks that took out the PlayStation Network and Xbox Live last year, claimed that – contrary to the airline’s statement – it had actually compromised Malaysia Airlines’ servers and would soon “dump some loot” found on them.

The Malaysia Airlines site was up and running at the time of writing.

Trey Ford, global security strategist at Rapid7, said he believed the carrier was telling the truth, branding the incident “an attack of opportunity more than a focused compromise.”

“A quick review of the timeline seems to validate Malaysia Airlines’ statement that the DNS was compromised,” he argued.

“The airline’s security response team would be able to piece together a timeline of events rather quickly; the investigation path on something like this is fairly straightforward, albeit reliant on third party participation from the Domain Registrar, a DNS provider, or others. I have no hesitation in believing the systems managed by the airline were not impacted or undermined in the course of this event.”

Mark James, security specialist at Eset, added that if Lizard Squad is in fact telling the truth, Malaysia Airlines passengers could be exposed to future attacks.

“This is a very brutal attack as it has a direct impact on the families that have recently been affected by the Malaysia Airlines disasters. If the hackers have in fact taken customer data then some very vulnerable people could potentially be the subject of future targeted email attacks,” he claimed.

“If any personal details about customers have been taken then they could be targeted with phishing emails and spam about Malaysia Airlines, which they could be convinced into opening – especially if they are expecting to receive news regarding family and friends from the company.”
