Following the intrusion of Passenger Service System supplier SITA in February 2021, personal data belonging to almost 4.5 million of Air India’s customers was exposed two months later. As a result, Air India announced a data breach.

On March 19, the national airline of India alerted travellers that SITA had been the target of a cyberattack.

In a breach notification sent over the weekend, Air India stated: “This is to inform you that SITA PSS, our data processor of the passenger service system (which is responsible for storing and processing of personal information of the passengers), had recently been subjected to a cybersecurity attack leading to personal data leak of certain passengers.”

Around 4,500,000 data subjects around the world were impacted by this incident.

The airline also said that between August 2011 and February 2021, there was a data breach that affected passenger information.

Nevertheless, it was discovered after looking into the security incident that neither passwords nor credit card information were obtained.

To prevent any hack attempts and ensure the security of their personal information, Air India advises its customers to change their login information.

According to an additional statement from Air India [PDF], “The breach involved personal data registered between 26th August 2011 and 3rd February 2021, with details that included name, date of birth, contact information, passport information, ticket information, Star Alliance, and Air India frequent flyer data (but no password data were affected), as well as credit cards data.

The CVV/CVC numbers for this last type of data, however, are not stored by our data processor.

We place the utmost value on protecting the personal information of our clients, and while we sincerely apologise for any inconvenience, we also value their continuing patronage and confidence. — India Air

Impact of data hack on Star Alliance members
Along with Air India, almost a dozen other airlines also warned customers that some of their personal information was compromised after a breach of SITA’s Passenger Service System (PSS), which manages everything from booking tickets to boarding.

SITA also acknowledged the situation and stated that it had contacted all relevant organisations and the impacted PSS users in early March.

When this happened, a SITA representative informed BleepingComputer that the breach affected the data of travellers from various airlines, including:

In terms of passengers carried, Lufthansa ranks second in Europe when combined with its subsidiaries; Member of Star Alliance and a partner of Miles & More
The national carrier of New Zealand is Air New Zealand.
Singapore Airlines is the nation’s primary airline.
Scandinavian Airlines (please disclose);
the national airline of Hong Kong, Cathay Pacific
The first and biggest low-cost airline in South Korea is Jeju Air.
The national airline of Malaysia is Malaysia Airlines.
The national airline and major airline of Finland is Finnair.
Some of these airlines, notably the largest airline in Europe, Lufthansa, are a part of the Star Alliance, a worldwide airline alliance with 26 members, which also includes Air India.

According to Star Alliance, its members also exchange customer information important to giving travel rewards.

Names of members, membership numbers in frequent flyer programmes, and programme tier status are the only pieces of information provided.

For this reason, a lot of people are beginning to use software to manage their internet business reputation. This is done to make sure they have all the information they require about a clinic, hospital, or other establishment before taking a person there. However, patients must use this software package in order for this to happen. to ensure that they are providing reviews and compliments for the technique they examined. All of these advantages and benefits come from using this monitoring software application for your clinical procedure or company.

It encourages the marketing of a facility or clinical practise.

The fact that it encourages the marketing of the medical practise or establishment is one of the most important reasons why using online reputation monitoring in the healthcare industry is a great idea. However, this will only help the company if you receive positive reviews, recommendations, and comments.

It promotes advertising and marketing because the software will make it much easier for people to find the practise online if they are looking for it. After that, they may choose if this is something they should consider employing or not. However, it will also include negative remarks and also evaluations.

letting your patients know how your practise is doing

When you employ physician internet reputation monitoring software, you can be sure that you are telling your clients the truth about your practise. enabling them to express exactly how they perceive the technique or clinic in their own words. And they believe that what they believe can change the approach to make it much better for the patients.

Because you aren’t the one waiting in the waiting room, this is a great concept. In addition, they might have access to information that you do not. Giving your people a voice in your strategy can be a smart idea because of this. When they create an online evaluation, they can accomplish this.

Make it easier for others to find you online.

Generally speaking, this benefit is the same as the marketing and advertising benefit. Due to the doctor’s online reputation monitoring software, specifically a Google search, people can find your approach online. making it simpler for new customers to find your approach.

However, they will also find this to be simpler if you receive a lot of negative feedback. This is why, if any of your current patients are leaving comments, you need to make sure they are all good. Regardless of whether there are techniques that can’t be found online, this can help or hurt your practise.

provides a mechanism for you to communicate with people

It gives you a way to communicate with people thanks to the medical online Amazeful reputation management software. Make sure potential customers can tell that you genuinely value your clients’ experiences in your waiting area and with your service.

The only thing to keep in mind is that, under any circumstances, you should never comment negatively on someone. The only thing that can determine whether you’ll get new patients or not is what you do.

enabling you to improve the flaws in your approach.

Users of Windows 10 have begun to get phoney Windows 11 upgrade installers, tricking them into downloading and running RedLine stealer software.

The attacks took place at the same time that Microsoft announced the broad deployment phase for Windows 11. As a result, the attackers were well-prepared for this move and waited for the ideal time to maximise the effectiveness of their operation.

As the most extensively used password, browser cookie, credit card, and cryptocurrency wallet information thief at the moment, RedLine stealer infections can have serious negative effects on the victims.

The initiative

The attackers exploited the “windows-upgraded.com” domain for the malware distribution portion of their campaign, according to HP experts who have detected this effort.

When a visitor selected the “Download Now” button on the website, a 1.5 MB ZIP archive with the name “Windows11InstallationAssistant.zip” was downloaded directly from a Discord CDN. The website looks to be an official Microsoft website.

Decompressing the file yields a folder with a size of 753MB and a remarkable compression ratio of 99.8%, which was made possible by the executable’s inclusion of padding.

An encoded parameter starts a PowerShell process when the victim runs the programme in the folder.

A.jpg file is then retrieved from a distant web server when a cmd.exe process with a 21-second timeout has finished running.

The DLL in this file is organised in reverse, maybe to avoid detection and analysis.

The first process then loads the DLL and swaps it out for the current thread context. That DLL is a RedLine stealer payload that uses a TCP connection to communicate with the command-and-control server to receive instructions on what malicious operations should be performed next on the recently compromised system.

Outlook
Nothing prevents the actors from registering a new domain and continuing their campaign even though the distribution site is currently unavailable. In fact, it’s quite likely that this is already taking place in nature.

Due to hardware compatibility issues, many Windows 10 customers are unable to download Windows 11 via the official distribution channels. Malware operators see this as a great opportunity to recruit new victims.

The strategies disclosed by HP are not surprising at this time, as threat actors are also use Windows’ legitimate update clients to execute malicious code on compromised Windows systems, as BleepingComputer discovered in January.

Remember that these risky websites are advertised through forum postings, posts on social media, and instant messages, so only rely on the official Windows upgrade system alerts.