Ryanair remains tight-lipped over £3.3m hacker theft

Ryanair provided no details of how hackers took £3.3m from one of its bank accounts, as industry pundits call for greater collaboration

Ryanair has provided no details of how hackers were able to take £3.3m from one of its bank accounts.

The budget airline merely confirmed that the funds were removed from a Ryanair account last week by a fraudulent electronic transfer via a Chinese bank.

“The airline has been working with its banks and the relevant authorities and understands that the funds – less than $5m – have now been frozen,” Ryanair said in a statement.

“The airline expects these funds to be repaid shortly, and has taken steps to ensure that this type of transfer cannot recur."

Ryanair uses dollars to buy fuel for its 400+ Boeing 737-800 aircraft, and it is these funds that were tapped into by the hackers, according to The Irish Times.

The airline has not given any details of how the hacking scam was carried out, saying no further comment will be made as the matter is “subject to legal proceedings”.

Independent security advisor Graham Cluley said it was a shame that Ryanair had not been able shed more light on the details of how the hack might have occurred, or what steps it might have taken to prevent it from happening again.

Read more about cyber crime

Public-private sector collaboration

“After all, that information could prove useful to other organisations that wish to protect themselves from similar criminal activity,” he wrote in a blog post.

“If the airline has been able to fix the problem so quickly, it would presumably be simple for other organisations to make sure hey were taking similar precautions or proactive steps to avoid falling to the same fate."

At last week’s RSA Conference in San Francisco, Natalie Black of the Cabinet Office said 2014 saw a new level in co-operation between governments and public and private sector organisations in countering cyber attacks.

Commenting on the Ryanair hacker scam, Charlie McMurdie, senior cyber crime adviser at PwC and former head of the UK police central e-crime unit said there was a substantial increase in targeted cyber attacks as a result of IT or governance vulnerabilities being exploited, causing serious harm to business and other organisations.

“This can be in the form of stealing cash, data or having an impact on the organisation's reputation and the confidence and trust that customers and other stakeholders have in it,” she said.

Target organisations on hackers' radar

McMurdie said that, as the impact of cyber crime continues to grow, businesses and other organisations need to have confidence that they have appropriate security in place and can respond to defend themselves.

“The most recent figures from the Information Security Breaches Survey, conducted by PwC for the government’s Department for Business, Innovation and Skills (BIS), found that 81% of large organisations suffered a security breach, costing between £600,000 and £1.15m," she said.

News of the Ryanair cyber theft comes just weeks after IBM Security identified an active campaign using a variant of Dyre malware to steal up to $1.5m from targeted enterprises.

The campaign, named “The Dyre Wolf” by IBM security researchers, added sophisticated social engineering tactics to the Dyre malware to circumvent two-factor authentication.

The cyber criminals behind employees’ computers infected with the Dyre malware tricked them into calling a bogus bank official and disclosing credentials that allowed the criminals to transfer large sums of money out of the targeted business’s account.

While many popular banking Trojans have targeted individuals, Dyre has always been used to target organisations, according to John Kuhn, senior threat researcher at IBM.

“Since its start in 2014, Dyre has evolved to become simultaneously sophisticated and easy to use, enabling cyber criminals to go for the bigger payout,” he wrote in a blog post.

Read more on Hackers and cybercrime prevention

Data Center
Data Management