HomeinvestigationsCyber ​​attack on Larnaca Airport hermesairports.com by RootAyyildiz!

Cyber ​​attack on Larnaca Airport hermesairports.com by RootAyyildiz!

Larnaca Airport cyber attack hermesairports.com: It seems that the Turkish hacker RootAyyildiz Turkish Defacer continues his attacks on critical infrastructure in Cyprus, without being stopped by the competent authorities. According to EXCLUSIVE information of SecNews, from reliable internet sources, the would-be hacker of our neighboring country attacked and extracted databases with secret (?) -According to him- data of employees and customers of Larnaca Hermes Airport. HermesAirports has taken over the management and control of Larnaca and Paphos International Airports.

Larnaca Airport cyber attack hermesairports.com by RootAyyildiz
Larnaca Airport cyber attack hermesairports.com by RootAyyildiz

RootAyyildiz Turkish Defacer, the "Father of Turkish hackers" as hackers call it in their communication forums, it has proven to be one of the most dangerous hackers, with dozens of high-profile attacks on government targets in many countries (including Greece, Cyprus and the USA). With each successful hacking attack he manages to catch the eyes of the authorities and the security experts. Nevertheless, the Turkish hacker does not seem to be intimidated, on the contrary, at every opportunity, he attacks his next target.

His identity remains unknown to this day, with some saying he was either an individual or a group of hackers working with the neighboring country's secret services. For hackers internationally, he is a recognizable attacker with rich activity against targets, while his nickname (RootAyyildiz Turkish Defacer) is known in all hacking forums and the general public.

Turkish hacker
Larnaca Airport cyber attack hermesairports.com by RootAyyildiz - Turkish hacker

Note that a few days ago the Turkish hacker had carried out a successful attack through SQL injection in the information systems of the Ministry of National Defense of Cyprus (www.mod.gov.cy) according to exclusive information submitted to SecNews. RootAyyildiz Turkish Defacer managed to gain unauthorized access to the servers of the Ministry of National Defense of Cyprus. During the specific attack, emails and passwords of the admin accounts were stolen, while according to the information published on a messaging platform, it seems that he had gained access to the Ministry's databases that support the website and relevant internet services of the Ministry.

Learn more: RootAyyildiz Turkish Defacer: Turkish hacker attacks Cyprus!

Larnaca Airport cyber attack hermesairports.com by RootAyyildiz

This time, the target was Hermes Airports Ltd (backlink) which is controlled by Larnaca and Paphos International Airports of the Republic of Cyprus.

The hacker following the same strategy located and attacked via SQL injection failure on a website belonging to the Airport, infiltrated the company's servers and stole databases with personal data of employees and customers. More specifically, as the hacker claims (without being confirmed by SecNews so far) among the data that were violated we encounter interdepartmental conversations, correspondence via email of employees-clients, statements with monthly expenses of the company and databases with personal staff information (emails, names, contact details, passwords).

Related security news: Phishing attacks use fake COVID-19 vaccine searches to steal personal information

Larnaca Airport cyber attack hermesairports.com by RootAyyildiz Turkish hacker
Larnaca Airport cyber attack hermesairports.com by RootAyyildiz

Below you will find the relevant screenshots that prove the validity of the attack. Sensitive data has been hidden in the reported material for reasons of protection of society as well as the passwords of persons allegedly obtained by the Turkish hacker.

Attack screenshot

The name of the hacking attack by RootAyyildiz was "Let Ayse go on vacation".

Attack screenshot

As it is obvious, RootAyyildiz has gained SQL Shell access to a server with SQL Server 2008 R2 Standard edition, having the ability to search for raw queries in the database but also to extract data at will. A sample of his searches is shown below:

Attack screenshot

To emphasize that in this particular hacking attack as well as in the attack on the information systems of the Ministry of National Defense of Cyprus, after the evaluation of the data that were brought to our attention, we find that the Turkish hacker RootAyyldiz has the ability to corrupt data on the server, add / remove websites or distribute malware to unsuspecting users using the Larnaca Airport website! In addition, it is not clear from the screenshots that have been quoted regarding the type of personal data that have been extracted and are located on the targeted server, nor can the exact time of their extraction be determined. What is certain, however, is that the attack is ongoing.

See also: Microsoft - Users still do not update Windows 10

The SecNews had already warned that the critical infrastructure of Cyprus is in the sights of the hacker!

Larnaca Airport cyber attack hermesairports.com by RootAyyildiz Turkish hacker
Larnaca Airport cyber attack hermesairports.com by RootAyyildiz

In contact with the Turkish hacker on a well-known secure messaging platform that announces very important information regarding the attacks it carries out, after being informed about the attack against the Ministry of National Defense of Cyprus, SecNews warned through a relevant article / information that RootAyyildiz Turkish Defacer has targeted Cyprus and is preparing significant attacks on other critical infrastructure, but without specifying which ones.

More hacking attacks: Cyber ​​attack on innovation.gov.gr of the Ministry of Interior

Characteristically stated "Very difficult days await for Cyprus, There is too much data to be analyzed and leaked, RootAyyldiz wants to destroy Cyprus and will target banking and military systems". His threat seems to be turning into action, starting with the Larnaca and Paphos International Airport.

Larnaca Airport cyber attack hermesairports.com by RootAyyildiz
Larnaca Airport cyber attack hermesairports.com by RootAyyildiz

Hermes Airports Ltd

 On 12 May 2006, Hermes Airports Ltd took over the management and control of Larnaca and Paphos International Airports, based on a 25-year concession agreement with the Republic of Cyprus. This is a consortium of 9 shareholders, with Cypriots and international , based in Cyprus.

The construction works of the terminal buildings started immediately after the signing of the agreement, based on a Rapid Design and Construction Contract. The new building of Paphos International Airport was put into use in November 2008 while the new building of Larnaca International Airport was handed over to the public a year later, in November 2009. The Construction-Exploitation-Export project is the first privatization of its kind in Cyprus . The airports offer world-class and state-of-the-art facilities with an emphasis on excellent passenger and customer service.

They remain committed to efforts to optimize the connectivity of Cyprus, while upgrading the passenger experience. Both airports serve a total of more than 11 million passengers annually.

Source of information: https://el.hermesairports.com/

Larnaca Airport cyber attack hermesairports.com by RootAyyildiz - Turkish hacker

RootAyyildiz Turkish Defacer- Turkish Hacker

In hacking circuits he is called "The father of Turkish hackers" given his knowledge and hacking skills but also his successful hacking attacks. Among his successful attacks are critical Greek infrastructure. The Ministry of Foreign Affairs, the Ministry of Interior, the Ministry of Labor and many high-profile targets in Greece have been cyber-attacked by this hacker in the past.

Learn more about RootAyyildiz Turkish Defacer in his exclusive interview with SecNews.

SQL injection attack

SQL injection is a code injection technique that allows an attacker to "run" SQL statements against a target server. A successful SQL injection attack allows the execution of any query on the target database, which means the ability to collect important information, such as passwords, usernames, emails, credit card numbers, etc.

Larnaca Airport cyber attack hermesairports.com by RootAyyildiz Turkish hacker
Larnaca Airport cyber attack hermesairports.com by RootAyyildiz

These attacks take advantage of vulnerabilities in web applications that communicate with backend servers, where databases are stored. The abbreviation SQL comes from the words Structured Query Language (Structured Query Language). It is a programming language used to add, manipulate and retrieve data in a SQL database. Attackers can easily find out, with a few simple commands, if a page is vulnerable to SQL injection vulnerability. If they are, then they will be able to steal data, destroy it, and even become database server administrators.

SQL Injection news: Sophos fixes a SQL injection vulnerability in Cyberoam OS

Larnaca Airport cyber attack hermesairports.com by RootAyyildiz
Cyber ​​attack at Larnaca Airport hermesairports.com by RootAyyildiz

Preventive measures

  • The most important precaution, perhaps, is proper design, good construction and constant monitoring of the database, so that it is not vulnerable to this attack. 
  • Restricting server configuration data: Restricting access to the wrong parameters can reduce the likelihood of an attack on the target server. Although it does not offer 100% security, it is a first step security around databases.
  • Good knowledge of all SQL Servers on the network by administrators: First, administrators need to know how many SQL servers are on the network. This process may not be as simple as it seems, as most servers run on dynamic TCP ports and usually these servers only work when the user "needs" them. Therefore, some servers may not be active. SQL Ping, SQL scan and more specialized software could be used to find all SQL Servers.
  • Continuous updates. Software companies often release updates to fix potential vulnerabilities. Therefore, organizations must take care to update the applications, software and generally the systems they use, in order to stay safe.
  • Blocking access to specific server ports by unknown users: It does not offer absolute security, especially in SQL injection attacks, but it is an important security measure for the entire network of a company or organization. For example, closing UDP Port 1434 [this port is used to map Microsoft SQL databases] and all the TCP ports that SQL Server "listens to" can enhance security.
  • Adoption of strong admin-passwords. Using a strong password can prevent brute force, SQL injection and many other attacks. It is also suggested to change them frequently.

SecNews continues to investigate the incident and will keep you informed of anything new. Administrators should immediately download the website and conduct a forensics analysis of the data of the attack and all the servers that have been affected, in order to determine if additional internal information systems of the Airport have been violated, using as a jump point the server it hurts!