Japan Airlines Co. Ltd. had to cancel or delay dozens of flights today because of a cyberattack against its network infrastructure.

The New York Times reported that the company delayed more than 40 domestic flights. Two more were canceled. Additionally, Japan Airlines briefly suspended ticket sales for Thursday flights to both domestic and international destinations. 

Certain other parts of the company’s operations were affected as well. Its mobile app temporarily went offline, while tools for booking last-minute upgrades and standby seats became unavailable as well. According to Japan Airlines, the cyberattack didn’t affect flight safety and the hackers didn’t access any customer information.

Japan Airlines is Japan’s flag carrier. It operates passenger planes under its own brand and also runs more than a half-dozen regional airlines, plus a logistics business that specializes in air freight. Japan’s other major carrier, ANA Airlines, was not affected by the cyberattack.

Japan Airlines first became aware of the cyberattack this morning. At 7:24 a.m. local time, the company identified an issue in a router that links its infrastructure to other organizations’ networks. Japan Airlines shut down the system about 90 minutes later and took steps to remediate the cyberattack. 

“The cause of the failure and the impact range of the system issues have been identified, and the system has been restored,” Japan Airlines said in a statement. 

It’s believed the router at the center of the incident may have been targeted by a DDoS, or distributed denial-of-service, attack. Japan Airlines said in a statement that there was “no customer data leakage or virus damage,” which hints that the hackers didn’t install malware on the router. This is often the case with DDoS attacks, which attempt to disrupt systems not using malware but rather by overwhelming them with malicious network requests.

DDoS campaigns frequently target external-facing network devices such as the routers that connect a company’s internal hardware to the web.

Many enterprise routers include features for mitigating DDoS attacks. Cisco Systems Inc., for example, provides a software tool called Secure DDoS Edge Protection with its router portfolio. According to the company, the technology detects DDoS campaigns with more than 99% effectiveness and can automatically block them in less than 10 seconds. 

Under the hood, Cisco’s software and similar products from rivals use machine learning to detect malicious traffic. They also make use of historical telemetry about DDoS campaigns. When a router that uses Secure DDoS Edge Protection spots a DDoS attack, it can share information about the incident with other routers in the network to help them filter the malicious traffic. 

Shortly before the Japan Airlines outage, American Airlines Group Inc. also had to delay flights on account of a networking issue. The incident, which lasted for about one hour on Christmas Eve, was attributed to a problem in a piece of partner-managed network equipment. The issue has since been resolved. 

Photo: Toshi Aoki/Wikimedia