As one of the world’s most recognizable airlines, this airline operates more than one thousand flights daily. They are ranked in the top 10 airlines, globally, and were named one of the best companies to work for by Forbes.

Because it employs so many people and flies so many passengers on an annual basis, protecting the privacy of its customers is always a top priority. This airline’s massive global footprint of data, infrastructure, employees, passengers, and digital assets makes it a frequent target of cyberattacks.

The Problem

Night Lion Security’s threat intelligence team became aware of a threat actor selling admin access to their internal infrastructure and was actively attempting to exfiltrate data from the organization.

A threat actor had successfully gained admin access to the Airline’s Office365 account, resulting from the admin re-using passwords across multiple services. The hacker was able to use the administrator account to pivot to other locations within their Azure environment. Access to those systems was being sold in very private circles. The sale of this access or exfiltration of any private data would have caused a catastrophic situation for the organization, especially if it fell into the hands of a nation-state or terrorist organization.

The Solution

After establishing the threat and sale as credible, Night Lion Security’s CEO, Dr. Vinny Troia, immediately contacted the head of the airline’s cybersecurity team to brief them on the emerging situation. Even with this information, the actor was able to evade detection by their security teams.

Dr. Troia continued to build rapport with the hacker. Once trust with the threat actor had been established, Troia was able to persuade the attacker to run a series of commands within the infrastructure as proof of his network access. Those specific commands allowed the airline to isolate the rogue admin account and completely lock the actor out of the network.