Boeing Investigates Cybersecurity Incident; Lockbit Threatens Data Leak

Boeing, a global leader in defense and space technology, has initiated an investigation into a recent cyber security incident that has affected segments of its parts and distribution business. The company is actively cooperating with law enforcement agencies to address the situation and its possible implications.
Boeing 737 MaxBoeing, which reported revenue of $18.1 billion reflecting 105 commercial deliveries during the third quarter of 2023, did not reveal the likely impact on its revenues in the coming quarters. Boeing has a backlog of $469 billion, including over 5,100 commercial airplanes.

This development comes shortly after the Lockbit cybercrime gang issued a ransom ultimatum, threatening to release a significant amount of sensitive data stolen from Boeing if the company failed to comply by November 2. Boeing, however, did not confirm whether the cyber incident it disclosed was indeed perpetrated by Lockbit.

A Boeing spokesperson stated, “This issue does not affect flight safety. We are actively investigating the incident and coordinating with law enforcement and regulatory authorities. We are notifying our customers and suppliers.”

Boeing’s parts and distribution business, a vital component of its Global Services division, plays a crucial role in providing material and logistics support to its customers, as outlined in the company’s 2022 annual report. Several webpages on the official Boeing website, containing information about the Global Services division, were temporarily unavailable due to technical issues. The company expects to restore access to these pages shortly, Reuters news report said.

Lockbit, a notorious ransomware group, ranked as the most active global threat last year in terms of the number of victims it targeted. According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), Lockbit has impacted over 1,700 U.S. organizations since 2020.

Lockbit’s modus operandi typically involves deploying ransomware to lock up an organization’s systems while simultaneously exfiltrating sensitive data for extortion purposes.

The exact nature of the data that Lockbit may have accessed from Boeing remains unclear. Brett Callow, a ransomware expert and threat analyst at cybersecurity firm Emsisoft, emphasized that paying a ransom does not guarantee the protection of stolen data. “Paying the ransom would simply elicit a pinky promise from LockBit that they will destroy whatever data they obtained,” Callow explained. “There would, however, be no way of knowing for sure that they actually had.”

The potential loss of military-related information in this incident could have serious ramifications. Boeing did not confirm whether defense-related data had been compromised.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has not yet provided an official response to Boeing’s statement. The situation continues to evolve, and stakeholders are closely monitoring developments in this cybersecurity incident.