I recently heard about the San Francisco Airport Ransomware Attack. It always fascinates me how these attacks occur. In this case, it was through 2 different websites related to the airport. Hackers were able to infiltrate the websites and send emails out to employees. Once they did that, they were able to obtain login credentials. Once into the systems, the attackers inserted malicious computer code on these websites to steal some users’ login credentials. Users possibly impacted by this attack include those accessing these websites from outside the airport network through Internet Explorer on a Windows-based personal device or a device not maintained by SFO. After investigating the incident, SFO discovered that the attackers might have gained access to the affected users’ usernames and passwords.
SFO removed the malicious code injected within the two compromised websites and took them offline after discovering the attack.
Once discovered, the airport had all users change their credentials not only for email and networks, but for everything they use personally. Keep in mind that many people use the same password for many things. It is good practice to change ALL passwords on a regular basis. If you ever suspect something, ask someone. Don’t just think “hmmm that was weird”. It never hurts to ask.
Sheryl Cherico, CEO of Tier3MD and Discovery Computers and Forensics