In this week’s digest, we take a closer look at two notable cybersecurity incidents. The first involves Air Arabia, a UAE-based airline recently named on a ransomware group’s leak site, with attackers claiming to possess data from more than 18,000 employees. The second case concerns Gerar, a Brazilian non-profit organization focused on helping young people find jobs and internships, which fell victim to a data breach that exposed hundreds of gigabytes of sensitive personal records.

Yet another UAE company has been involved in a security incident. The ransomware gang added Air Arabia to its leak site on the 25th of October. Air Arabia is a low-cost airline with its main hub at Sharjah International Airport. The criminals claim to have access to the records of more than 18,000 company employees.
However, no data sample has been provided to support the claims. More details about the potential data breach may be published in the coming days, as a six-day deadline was set before publication of the allegedly stolen data to press Air Arabia into a negotiation process.
This incident continues the ongoing trend of attacks on the aviation industry. This year alone has seen the cyberattack on the International Civil Aviation Organization in January, the ransomware attack on the Kuala Lumpur International Airport in Malaysia in April, and several attacks on European organizations in recent months. Companies from the transportation sector are desirable targets for criminals, as any operational disruption leads to large revenue losses.
At the same time, criminals don’t hesitate to target non-commercial organizations. In such cases, they can monetize stolen records by selling them on dark web forums or by using them to prepare highly convincing and realistic phishing attacks. One such victim is Gerar, a Brazilian non-profit entity.
The organization's goal is to help young people find employment and internships. To conduct its activities, Gerar has to collect and process large troves of sensitive personal data. The criminals announced that they were able to exfiltrate about 546 GB of data. In contrast to the previous case, this time the ransomware gang published a sample of the data to verify its claims. Independent researchers were able to investigate the sample and confirmed that it includes confidential records.
Researchers were able to identify several types of documents, such as medical checkups, scanned IDs, military service documents, and contracts between individuals and educational institutions. It's safe to say that leaked data includes the following records:
Such a large list of data is valuable for criminals, as it can be used for various illegal activities. Stolen national ID and taxpayer ID numbers enable identity theft, while other personal records can make phishing and social-engineering attacks far more convincing.
It is a wise choice to address security issues preemptively, before damage is done. But which measures are proving to be the most effective and in demand today? From our experience, data discovery and data classification are among the most discussed topics.
Data discovery allows organizations to locate all copies of sensitive files across corporate infrastructure, providing full visibility and control over local and cloud-based storage. Data classification is a logical step forward, as a security system analyzes the content of all discovered documents and marks files with special labels to manage user access rights.
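A minimal sketch of the two steps described above, added here as an illustration and not taken from SearchInform's product: it walks a directory, groups identical copies by hash (discovery), and labels files whose content contains a checksum-valid Brazilian CPF taxpayer number (classification). The choice of CPF as the pattern, the label names, and the sample files are assumptions constructed for the example.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# CPF: 11 digits, optionally written as 000.000.000-00
CPF_RE = re.compile(r"(?<!\d)(\d{3})\.?(\d{3})\.?(\d{3})-?(\d{2})(?!\d)")

def cpf_is_valid(digits):
    """Verify both CPF check digits (mod-11 scheme) to cut false positives."""
    if len(digits) != 11 or digits == digits[0] * 11:
        return False
    for n in (9, 10):
        total = sum(int(d) * w for d, w in zip(digits[:n], range(n + 1, 1, -1)))
        if (total * 10) % 11 % 10 != int(digits[n]):
            return False
    return True

def classify(text):
    """Return a label for the text; label names are hypothetical."""
    found = {"".join(m.groups()) for m in CPF_RE.finditer(text)}
    return "restricted-pii" if any(cpf_is_valid(c) for c in found) else "unclassified"

def discover(root):
    """Walk root, label every file, and group identical copies by SHA-256."""
    labels, copies = {}, {}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        data = path.read_bytes()
        rel = path.relative_to(root).as_posix()
        labels[rel] = classify(data.decode("utf-8", errors="ignore"))
        copies.setdefault(hashlib.sha256(data).hexdigest(), []).append(rel)
    return labels, [names for names in copies.values() if len(names) > 1]

def demo():
    """Scan a constructed sample tree: one record, its copy, one decoy file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "hr").mkdir()
        (root / "share").mkdir()
        record = "Candidate: Test Person, CPF 529.982.247-25\n"  # constructed value
        (root / "hr" / "contract.txt").write_text(record)
        (root / "share" / "contract_copy.txt").write_text(record)
        (root / "share" / "menu.txt").write_text("Order no. 123.456.789-00\n")
        return discover(root)

if __name__ == "__main__":
    print(demo())
```

The decoy file matches the CPF pattern but fails the check digits, so it stays unclassified; the duplicate list shows where an extra copy of the sensitive record sits outside its original folder.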
The SearchInform team has developed Risk Monitor, a Next-Gen data loss prevention system, which combines data discovery and data classification with leak prevention to ensure the safety of confidential data. The solution provides comprehensive protection in a single platform, enhancing the productivity of security specialists and facilitating system management.