Pierluigi Paganini
March 18, 2024
The experts emphasized the importance of rigorous cybersecurity risk assessments for airports and proactive threat intelligence in the context of the activity of major ransomware groups and advanced threat actors.
As geopolitical tensions rise globally, there’s a heightened risk of destructive cyberattacks in the civil aviation industry and aerospace sector. Resecurity has detailed recent notable activities of threat actors targeting these sectors.
Lockbit 3.0, one of the most active ransomware groups targeting these sectors, has launched attacks on several notable companies. It attacked Bangkok Airways, a major airline company in Thailand, in September 2021, Israeli aerospace and defense firm E.M.I.T Aviation Consulting in October 2021, Kuwait Airlines in June 2022 and Air Albania in 2023 with the most recent update in March 2024.
In an increasingly fragmented geopolitical landscape, influenced by the war in Ukraine and rising tensions in the Middle East, the aerospace sector’s designation as critical infrastructure has become a double-edged sword. At last year’s Aviation Week conference, United Airlines Director of Cybersecurity Jen Miosi highlighted this issue, stating that being labeled as critical infrastructure makes the aerospace sector more visible and vulnerable to cyber threats. This heightened visibility inevitably paints a target on the sector’s back, attracting threat actors who aim to exploit this critical infrastructure for their agendas.
The label of ‘critical infrastructure’ has not only raised the profile of the aviation sector but has also made it a more enticing target for advanced persistent threat groups and hacktivist collectives. Speaking at last year’s conference, Jeffrey Troy, the CEO of the Aviation Information Sharing and Analysis Center (Aviation ISAC), highlighted the escalating threat from hacktivist groups. These attackers engage in cyber activities to support specific political agendas, and according to Troy, this threat is undoubtedly on the rise. He noted that the outbreak of war in Gaza has particularly intensified hacktivist activities targeting the aviation sector.
The modern aviation sector’s attack surface has significantly expanded, largely due to the integration of various remote systems. According to a report published last year by Aerospace Testing International, the sector’s vulnerability has grown with the adoption of technologies like IoT sensors, actuators, biometric readers, robotics, and cloud applications, all of which require web connectivity. The report also highlighted additional security risks stemming from the use of mobile phones and the implementation of bring-your-own-device (BYOD) policies. Critical systems such as reservation systems, flight history servers, ticket booking portals, flight management systems, and cabin crew devices have been identified as key targets for hackers.
Resecurity’s recent report sheds light on the alarming increase in malicious cyber activities targeting the aerospace sector, revealing a 68% rise compared to last year. The report underscores the critical role of comprehensive cybersecurity risk assessments in preventing cyberattacks. Furthermore, it discusses the essential threat-modeling approaches necessary for industry stakeholders to develop a robust security posture within their organizations. By anticipating and preparing for potential cyber threats, the aerospace sector can better safeguard itself against the evolving landscape of cyber risks.
Additional details are included in the report published by Resecurity:
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Aviation and Aerospace Sectors)
