Cyberattacks against the aviation industry are nothing new, but with the inclusion of Internet-capable devices at the basic level of embedded devices to in-flight Wi-Fi and connected aviation systems, there are more avenues than ever that threat actors can exploit.
Successful attacks which have compromised systems and caused severe disruption to fliers and airlines alike have hit the spotlight in recent years.
In 2015, Polish airline LOT was forced to cancel 10 flights and delay over a dozen after asuccessful cyberattack against ground systems. This year, Istanbul’s Ataturk and Sabiha Gokcen airports’ passport control systems were the target of attacks and a group of threat actors believed to have originated from China hijacked airport announcement systems in Vietnam.
Spear phishing is one of the most common attack vectors in which fraudulent emails contain malicious documents or links to fake websites used to later infect computer systems relating air traffic control, civilian aviation authorities, airlines, booking systems and manufacturers.
“The aviation sector is incredibly vast and its systems are numerous,” the executive says. “Most of these systems have weaknesses and many are not well protected from threats.”
As we saw in Vietnam, hacktivists can use airline information displays to get their political message out, but this is not the most serious problem facing the aviation industry today.
The majority of attacks against airlines and players in the aviation industry are for financial gain. Airlines store huge amounts of personal information on their passengers, credit card data and payment details which can be stolen and sold on the Dark Web, potentially leading to hefty profit margins for attackers.
If a cyberattack compromises an air traffic control system, for example, these groups can steal information related to how controllers identify aircraft, how communication systems work, and data on surveillance technology related to radar and satellite signals.
This information is not only valuable for the Chinese government and military, but this intelligence, alongside airline and airport infrastructure information, can be used for both political and criminal purposes.
The executive noted:
“Access to these systems can also facilitate covert operations by enabling them to issue badges to operatives, bypass security cameras, and so on.”
In addition, Boland says that data stolen in attacks against aviation firms may be used to enhance China’s own defense and aviation markets, with the country seeking to improve its domestic aviation capabilities.
The security expert said that as China has “historically turned to outside sources for this information,” cyber espionage is no surprise — and so far, FireEye has spotted China-based threat groups which have targeted intellectual property which would help them manufacture their own aircraft and become more competitive.
While China appears to be a leading threat to players in the aviation industry, cyberattacks as a whole will likely continue to grow as a problem for the sector due to the lure of intellectual property and valuable data stored within.