Recently, in March, two websites affiliated with San Francisco International Airport (SFO) were compromised with malicious code that enabled attackers to hijack device login credentials from users who visited these sites. Airport officials disclosed the incident in a notice of data breach, and SFO has warned potentially impacted users to change their Windows passwords.
SFO is a major gateway to Europe and Asia, with flights to over 50 international cities via 45 international carriers.
“The attackers inserted malicious code on these websites to hijack some users’ login credentials,” according to the data breach notice posted on both sites’ homepages by SFO’s Airport Information Technology and Telecommunications (ITT) director.
The users possibly impacted by this attack include those who accessed the websites from outside the airport network via Internet Explorer on a Windows-based personal device or a device not managed by SFO.
SFO Reset All Users' Passwords
In addition, anyone who visited either site from outside the managed network using Internet Explorer on a Windows device should change their Windows login password immediately.
The airport suggested that anyone who even visited either website using the Internet Explorer web browser, outside of its controlled network, change the password used to log into that device.
Moreover, SFO representatives forced a reset of all SFO-associated email and network passwords on Monday, March 23, 2020. SFO also declared that the “malicious code was removed from the altered websites.”
The site SFOConstruction.com is dedicated to SFO construction projects and is a clearinghouse for external third parties interested in proposals and contracts for work associated with the airport. The other compromised site, SFOConnect.com, is a data hub for airport employees to obtain up-to-date airport security news related to badges and ground shipping.
SC Media asked Colin Bastable, CEO of cyber training and awareness firm Lucy Security, to speculate on how the attackers may have been able to hijack user device credentials when users visited the compromised sites, a scenario that he thought was “unlikely” before SFO eventually went on to verify it.
He speculated that the malicious code could have created a form field asking site visitors to enter their device credentials. Alternatively, he said, the malware inserted into the websites could have been capable of loading extra code onto the devices themselves.