Cyber-Attack Causes RavnAir to Cancel Flights Three Days in a Row

Alaska-based airline RavnAir has been forced to cancel a total of 19 flights since Saturday due to a “cyber-attack” on one of its systems. So far, very few details have been released about exactly what took place during the attack. One of the few details shared is that the system directly impacted was the “IT maintenance system” for the airline’s Dash 8 aircraft. The attack forced the airline to disconnect the maintenance system and its back-up, resulting in canceled flights for approximately 260 passengers. The airline does not currently know when operations will return to normal but has said that customers should expect flights to be impacted for the next week.

Analyst Notes

When securing a network, the focus often falls on major control systems and high-value systems. Lower-level maintenance systems tend to be easily forgotten because their impact on business operations is undervalued, or their value to attackers is overlooked. In many cases, these smaller systems provide a valuable entry point into networks for attackers. For attackers looking to disrupt operations, these smaller systems typically offer a chance to severely disrupt daily operations. An attack like this should be a wake-up call for many that every system has value to an attacker and that all systems used in a business’s operations should be properly evaluated for security and defense against attackers. Regular security audits, vulnerability scans, and penetration tests can help a business defend against an attack, or at the very least recover faster and more completely from one. Companies such as TrustedSec provide a valuable service to businesses by helping them better understand the risks they face from attackers against all of their systems. Binary Defense recommends that security professionals employ a layered defense-in-depth strategy, including monitoring all workstations and servers for signs of attacker behaviors that can give an early warning of network intrusions before significant damage is done or operations are halted.

More information on this attack can be found at: