On 26 December 2024 the Japanese second largest Airlines, Japan Airlines (JAL), fell victim to a massive Cyber Attack, impacting the services in both the International and Domestic sector. The attack has impacted both the External and Internal systems. The attack which started at 7:24 am local time (2224 GMT), was also officially confirmed by JAL. Suspected Distributed Denial-of-Service (DDoS) attack, is said to be the cause of the disruption, leading to delays and cancellations and other related operational lapses; a spokesperson from the airlines told news agency that the impact assessment and the restoration of the internal and external communication systems is underway.
Details of the Attack:
- Time of Attack: The attack began around 7:24 AM local time in Tokyo.
- Systems Affected: The attack primarily impacted JAL’s internal and external communication systems, including those responsible for ticket sales and flight operations.
Magnitude of the Attack:
A key router responsible for network communication was directly affected, leading to system malfunctions. Online and possibly offline ticket sales were disrupted due to the attack. The attack affected both domestic and international flight operations. JAL temporarily shut down the router that was causing system malfunctions as a measure to mitigate the attack. At least 24 domestic flights were delayed by more than 30 minutes. JAL suspended ticket sales for all flights departing on December 26th as a precautionary measure.
Impact:
- Flight Delays: The attack caused delays for numerous passengers, disrupting travel plans.
- Operational Disruption: JAL had to temporarily shut down critical systems, impacting its ability to manage flights and sell tickets.
- Financial Impact: The attack likely resulted in financial losses due to flight delays, system recovery efforts, and potential reputational damage.
- Customer Inconvenience: Passengers faced inconvenience due to flight delays and the suspension of ticket sales.
Conclusion:
JAL took immediate action to mitigate the attack by shutting down the affected router. Systems were restored, and ticket sales resumed later in the day. The cyberattack on Japan Airlines highlights the increasing vulnerability of critical infrastructure to cyber threats. JAL is likely conducting a thorough investigation to determine the exact cause of the attack and enhance its cybersecurity measures. Airlines and other organizations must prioritize robust cybersecurity measures to protect their systems and ensure operational continuity. Continued BCP drills, with practiced Resillence should also be part of the routine activity, especially to Critical Information Infrastructure like Airlines, etc.