Bombardier confirms it was the victim of a cybersecurity breach

Posted on 26 Feb 2021 by James Devonshire

All eyes are on an old version of the Accellion FTA web server as the exploited weak point.

Canadian airplane manufacturer Bombardier has confirmed it was the victim of a cybersecurity breach, which saw the confidential data of customers, suppliers and approximately 130 Bombardier employees located in Costa Rica compromised.

Bombardier said in a statement on February 23, 2021 that it has ‘suffered a limited cybersecurity breach’. The firm revealed an initial investigation uncovered that an unauthorized party had accessed and extracted data ‘by exploiting a vulnerability affecting a third-party file-transfer application’.

The firm says it has been proactively contacting customers and other external stakeholders whose data was potentially compromised.

Manufacturing and customer support operations were “unaffected and uninterrupted,” according to Bombardier, which added that it was not “specifically targeted” by the cyber attack.

Bombardier has also notified law enforcement and is continuing to work with authorities as part of the ongoing investigation.

On a positive note, independent cybersecurity professionals and forensic experts have confirmed that Bombardier’s security controls were effective in limiting the scope and extent of the incident.

John Shier, senior security advisor at Sophos, told Security Magazine, “The breach announced by Bombardier on February 23, follows a February 22 announcement by Accellion acknowledging attacks against its legacy file transfer application. The significance of this breach is notable not only by its latest victim, but also in the aggregate of previous leaks attributed to the same criminal group and using the same vulnerability. It highlights the potential risks posed by legacy applications that are allowed to persist in production networks.”

Shier added, “While it may be cold comfort to the victims of this breach, it is encouraging that some of Bombardier’s proactive mitigations helped contain the attack. This containment is an example of how companies can limit their supply chain risks. That said, the breach also exposed third-party information entrusted to Bombardier, which reinforces the importance of end-to-end supply chain integrity. Each member of a supply chain must do their part in securing the assets under their control to mitigate the potential risks and harms to everyone else.”

Old version of the Accellion FTA file-sharing server likely to be the weak link

While Bombardier did not specifically name the infrastructure appliance that was breached, it was most likely the Accellion FTA, a web server that can be used by organizations to host and share large files with customers and employees.

Hackers have been exploiting a zero-day vulnerability in the FTA software since Christmas 2020, attacking companies worldwide, stealing data, and attempting to extort money from organizations.

In a press release on February 22, 2021, Accellion said that out of 300 of its customers running affected FTA servers, 100 were the victims of an attack, and that data was stolen from around 25.

Bombardier is headquartered in Montréal, Canada, and has a presence in more than 12 countries. The Corporation supports a worldwide fleet of approximately 4,900 aircraft in service with a wide variety of multinational corporations, charter and fractional ownership providers, governments and private individuals.
