News: 1724697008

  ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

Seattle airport 'possible cyberattack' snarls travel yet again

(2024/08/26)


The Port of Seattle, which operates the Seattle-Tacoma International Airport, is investigating a "possible cyberattack" after computer outages disrupted the airport's operations and delayed flights.

The internal internet and web systems outage occurred early Saturday morning, according to an Xeet by the official account belonging to the airport, which serves as a traffic hub for Alaska Airlines and Delta Air Lines.

In a subsequent Xeet, the Port of Seattle [1]confirmed it had "isolated critical systems and is in the process of working to restore full service and do not have an estimated time for return."

[2]

The disruptions continued through Sunday, with the airport urging travelers to check in before arriving at Sea-Tac, and give themselves extra time to get to their gates. We're told terminal screens were also experiencing technical difficulties, adding to the disruption.

[3]

[4]

Airport goers [5]reported long lines as multiple airlines issued tickets by hand, and local media said "thousands" of travelers were affected.

As of Monday, the Port's website remained offline. While airport and port authorities did not immediately respond to The Register 's inquiries about the cyberattack, including whether it was a ransomware infection, the transportation authorities told ABC that the federal government was involved in the probe.

[6]

"We are conducting a thorough investigation with the assistance of outside experts," Lance Lyttle, aviation managing director at Seattle-Tacoma International Airport, [7]said in a statement.

"We have contacted and are working closely with federal partners, including TSA and Customs and Border Protection," Lyttle added.

A CISA spokesperson told The Register : "CISA is aware and working with our stakeholders in monitoring the incident."

[8]

The likely cyberattack comes as ransomware gangs batter critical infrastructure including transportation organizations.

[9]Ransomware batters critical industries, but takedowns hint at relief

[10]Delta: CrowdStrike's offer to help in Falcon meltdown was too little, too late

[11]Halliburton probes 'an issue' disrupting business ops

[12]AMD internal data reportedly offered for sale

Of the 395 ransomware attacks claimed by criminals in July, more than a third (125 or 34 percent) targeted these critical industries, according to NCC Group.

The researchers [13]noted that these essential services and facilities make them "valuable targets" to financially motivated criminals, and said "ransomware actors pressure these targets into payment, exploiting their need to remain operational."

Plus, to make matters worse for weary travelers, the weekend cyberattack comes a month after a [14]faulty CrowdStrike update caused a global outage that also [15]snarled flights at airports around the world. ®

Get our [16]Tech Resources



[1] https://x.com/flySEA/status/1827442753564790910

[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Zsz7Bew@hKS-jz6zf6tZQAAAABU&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0

[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Zsz7Bew@hKS-jz6zf6tZQAAAABU&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Zsz7Bew@hKS-jz6zf6tZQAAAABU&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[5] https://x.com/bartpkelly/status/1827423729112207608

[6] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Zsz7Bew@hKS-jz6zf6tZQAAAABU&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[7] https://www.komonews.com/newsletter-daily/port-of-seattle-hit-by-potential-cyberattack-still-impacting-airport-operations-cyber-attack-airport-flying-airplanes-seattle-tacoma-sea-travel-sunday-operations-urges-outage-airlines

[8] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Zsz7Bew@hKS-jz6zf6tZQAAAABU&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[9] https://www.theregister.com/2024/08/22/critical_industrial_ransomware/

[10] https://www.theregister.com/2024/08/08/delta_crowdstrikes_offer_for_help/

[11] https://www.theregister.com/2024/08/22/halliburton_investigates_incident_amid_cyberattack/

[12] https://www.theregister.com/2024/08/26/amd_internal_data_intelbroker/

[13] https://www.theregister.com/2024/08/22/critical_industrial_ransomware/

[14] https://www.theregister.com/2024/07/25/crowdstrike_timeline/

[15] https://www.theregister.com/2024/07/19/crowdstrike_shares_sink_as_global/

[16] https://whitepapers.theregister.com/



Lets rethink these things.

oreosRnice

I think it’s time these “critical” infrastructure systems became disconnected from the internet.

Or at lease employed a significantly tight and secure network. A singular company being able to push an unverified patch that crippled travel across the globe….. time for new ideas.

Is it more automation? Bring back the human element? Since apparently the human error argument can’t be used. Or who ever is maintaining these networks needs to be replaced with someone more competent.

Re: Lets rethink these things.

Anonymous Coward

If you say "who ever is maintaining these networks needs to be replaced with someone more competent" then would the current attitude replace them with AI? This is not a complaint but networks seem to be designed in a way that makes hacking too easy.

RCA

EricM

> Is it more automation?

Well, more automation with poorly understood failure modes is exactly what brought us to the current status.

my personal Root Cause Analysis : The whole security thingy has been so fu**ed up in 3 simple steps:

1) Deploying knowingly insecure Windows OS to run critial systems - I'm in this industry since 1991 and I never understood how you can select any incarnation of Windows since then to run server workloads.

2) Trying to "fix Windows Security" with layers over layers of 3rd party AV/EDR snake oil that depends on high-frequency updates and introduces its own bugs and attack vectors, AI, Machine Learning, whatever to somehow remediate just the known Win security problems

3) Create general rules like PCI DSS, NIST, etc., that codify the resulting over-complex mess and make it mandatory for everyone, even those using sane operating systems. Note this is usually named "compliance", not "security", for obvious reasons ...

Result: A wrong update of a major EDR company in 2024 can take out a good part of the commercial Internet servers over night.

Not only Windows, Linux, too.

So we tried to minimize Risk A (Windows Security) by creating Risk B (DOS by EDR), which is more probabable, more severe and escalates easily to an international, industry-wide scale.

And it does not even really fix the original problem - Windows security.

Rethinking this might be a very good approach.

Re: RCA

t245t

Bookmark the above post!

DoS by EDR: Denial of Service attack by Endpoint Detection and Response

:) Even an (ex)girlfriend of mine said that Linux is much better than Windows,
because of the messages on boot ("superb cyber feeling a'la Matrix :)").

- Gbor Lnrt on linux-kernel