Dublin Airport latest victim of third-party Moveit cyberattack

3 Jul 2023

Terminal 2 at Dublin Airport. Image: DAA

DAA confirmed to SiliconRepublic.com that salary details of some of its employees were stolen in a recent cyberattack affecting professional services firm Aon.

Dublin Airport has been revealed as the latest victim of the Moveit cyberattack that has rippled across both sides of the Atlantic.

Pay and benefit details of some Dublin Airport employees were compromised recently in a third-party cyberattack affecting Aon, airport management company DAA confirmed to SiliconRepublic.com today (3 July).

DAA is one of several Aon clients understood to be impacted by the cyberattack that can be traced back to the Russian-speaking Clop ransomware group. Aon is contracted by DAA to compile and print personalised total rewards statements to some of its employees.

“DAA takes the security of sensitive personal information extremely seriously and has notified the Data Protection Commission of the third-party breach. DAA is offering support, advice and assistance to employees impacted by this criminal cyberattack,” a spokesperson said.

First reported on last month, the global Moveit breach, in which hackers exploited a zero-day vulnerability in the file transfer software, has affected companies and government agencies on both sides of the Atlantic, including banks, universities, insurance and healthcare providers.

Microsoft attributed the hack exploiting the Moveit zero-day vulnerability to Lace Tempest, a reportedly Russian-speaking cybercrime group known for similar ransomware operations and running the Clop extortion site.

Just last week, around 45,000 students within the New York City Department of Education system were announced as victims of the Moveit hack. The agency revealed that students’ personal information, such as social security numbers and birth dates, was stolen.

‘Could be your problem tomorrow’

Ryan McConechy, CTO at Barrier Networks, called the latest attack on Dublin Airport one that happened through a “supplier’s supplier”.

“In this instance, it looks like Dublin Airport was using services provided by Aon, while Aon was using services supplied by Moveit, which is how the malware initially got in and was then able to spread through the supply chain,” he explained.

“This highlights the very dangerous risks that can occur when supply chains are long and link multiple organisations together, sometimes without everyone’s knowledge. As a result, organisations must use this incident as a firm reminder about always vetting their supply chain.”

McConechy suggests organisations should not only assess their supplier’s security and compliance certifications, but also understand who they partner with and how an attack on one of their suppliers could impact their data.

“Long supply chains are inevitable in the digital world, but they should never compromise security. Minimising unnecessary data links, making sure all parties employ robust security programs and having visibility into how an attack can inadvertently impact other parties in a supply chain are all essential in avoiding these instances,” he went on.

“The time to check with your supplier is yesterday: Are they using Moveit? If yes, this could easily be your problem tomorrow.”

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Vish Gain is a journalist with Silicon Republic