Implications of Malaysian Airlines website hack

1. What are the implications of this attack to MAS, what could possibly have gone wrong?

As a rule, a compromised website is the result of vulnerability exploitation in the web-application. In exceptional cases, infrastructure serving the site can be compromised.

In this case, the Domain Name System (DNS) of Malaysia Airlines was attacked by hackers and, as a result, users were redirected to an illegitimate web-resource (URL).

2. How to overcome this kind of threat in the future?

Compromised DNS-servers can result in any of the web-resources/URLs hosted by the vulnerable DNS service provider being hacked. To avoid this, the DNS service provider needs to closely monitor the security of the infrastructure. In return, the client must be able to respond to an incident and be able to instantly change the DNS-record if hacking occurs.

3. How to prevent these kinds of attacks?

History reveals examples of attacks on DNS service providers where the attacker gained access to the control panel of DNS-records. To prevent hacking in such a situation the service provider’s clients are advised to use strong passwords for their accounts in such control panels.

4. Do you know who the attackers are?

Unfortunately, we have no accurate information about the attackers who carried out the incident.

5. So, is the customer data safe?

We also can’t guarantee the security of Malaysia Airlines’ customer data, because there are no technical details available regarding the incident. However, it can be said that the attackers redirected visitors to a web-resource that they controlled, and where they could implement various attacks on the visitor including downloading malicious code.