By Lyan Ware, Contributor
In a letter sent to the office of the New Hampshire Attorney General, a lawyer representing American Airlines detailed a security breach that impacted over 1700 people. According to the airline, the attack was identified on July 5, after employees reported receiving phishing emails sent from a fellow employee’s account.
On September 16, American Airlines began notifying the parties affected by the breach. The airline also provided impacted individuals with a complimentary two-year membership to Experian’s IdentityWorks℠, an identity-theft protection plan that includes credit monitoring and identity restoration services.
The unauthorized actor gained access to the accounts by using the IMAP protocol in order to send out the phishing emails. A major security weakness of the IMAP email protocol is that, by design, it accepts plaintext login credentials. Cyber security professionals have tried to address this by configuring IMAP software to enable Transport Layer Security (TLS) encryption. However, without other measures, such as multi-factor authentication (MFA) for remote access or zero trust models that restrict IMAP access, unauthorized users can still exploit this weakness.
Office 365 is especially vulnerable, which is how the threat actor infiltrated American Airlines employee email accounts. Users of Office 365 can reconfigure their accounts to be more secure by selecting SSL as the server type, so that incoming mail is encrypted through server port number 993. For outgoing messages, server port number 587 should be used to encrypt the data.
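The difference between encrypting the IMAP session and still accepting a password with no second factor can be checked from the capabilities a server advertises. The Python code below is an added example, not taken from the airline's disclosure or from any vendor; the sample greetings, finding codes and function names are constructed for illustration.

```python
import re

# Constructed sample greetings for illustration; not captured from any real server.
# Each entry is (greeting line, whether TLS is already active on that listener).
SAMPLES = {
    "weak-143": ("* OK [CAPABILITY IMAP4rev1 AUTH=PLAIN AUTH=LOGIN] ready", False),
    "starttls-143": ("* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] ready", False),
    "tls-password-993": ("* OK [CAPABILITY IMAP4rev1 AUTH=PLAIN] ready", True),
    "tls-token-993": ("* OK [CAPABILITY IMAP4rev1 LOGINDISABLED AUTH=OAUTHBEARER] ready", True),
}

PASSWORD_MECHS = {"AUTH=PLAIN", "AUTH=LOGIN"}  # SASL mechanisms that carry a reusable password


def parse_capabilities(line):
    """Extract capability atoms from a greeting's [CAPABILITY ...] code or an untagged CAPABILITY reply."""
    m = (re.search(r"\[CAPABILITY\s+([^\]]*)\]", line, re.I)
         or re.match(r"\*\s+CAPABILITY\s+(.*)", line, re.I))
    return {atom.upper() for atom in m.group(1).split()} if m else set()


def audit(line, tls_active):
    """Return finding codes for one listener; tls_active is True when TLS is already negotiated (e.g. port 993)."""
    caps = parse_capabilities(line)
    if not caps:
        return ["NO_CAPABILITY_DATA"]
    # The LOGIN command is usable unless the server advertises LOGINDISABLED (RFC 3501).
    password_auth = "LOGINDISABLED" not in caps or bool(caps & PASSWORD_MECHS)
    findings = []
    if not tls_active and "STARTTLS" not in caps:
        findings.append("NO_STARTTLS")
    if not tls_active and password_auth:
        findings.append("PASSWORD_BEFORE_TLS")
    if tls_active and password_auth:
        # TLS protects the password in transit, but a phished or reused password still works.
        findings.append("PASSWORD_ONLY_AUTH")
    return findings


if __name__ == "__main__":
    for name, (greeting, tls) in SAMPLES.items():
        print(f"{name:18} {audit(greeting, tls) or ['OK']}")
```

A `PASSWORD_ONLY_AUTH` finding on an encrypted listener is the case the article describes: TLS is in place, yet the mailbox is still protected by nothing more than the password.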
Cases like this one are why teaching cyber security hygiene and best practices, such as using strong passwords and MFA, is so important. Organizations should hold regular trainings and enact policies that reinforce vigilance and compliance. It is especially imperative to cultivate a work culture that is proactive about cyber security best practices.