Why Are Airlines So Vulnerable to Cyberattacks?

31

Cathay Pacific Airways in October revealed a hacker had accessed the personal information of 9.4 million customers, making it the latest airline data breach to date. As Kelly Sheridan points out in her recent article Buckle Up: A Closer Look at Airline Security Breaches, it wasn’t the industry’s first and it won’t be the last because, “airlines and airports are hot targets for cyberattackers, whose motivations range from financial and identity theft to cyber espionage.”

The Cathay Pacific breach was just one of three to make recent headlines. In August, Air Canada reported a mobile app breach that affected 20,000 people. In September, British Airways disclosed a breach which compromised 380,000 passengers, and learned just a month later that 185,000 more were affected by a second attack.

Why have airlines become prime targets for hackers? The answer requires only one word: data.

Airlines collect enormous volumes of passenger data, including credit card information and passport numbers, from their reservation and scheduling systems and frequent flyer programs. According to Sheridan, “for attackers hoping to cash in on sensitive data, the aviation industry is a gold mine.” And as the risk of suffering a data breach rise, so does the risk of failure to comply with PII/PCI regulations and tougher data protection laws such as GDPR.

Deploying technologies such as tablet-based electric flight bags (EFBs), in-flight entertainment and Wi-Fi connectivity systems (IFEC) increases the attack surface by expanding the number of targets attackers can use to gain access to systems and the data stored on them. A U.S. Department of Transportation (DOT) report cites the rollout of wireless technologies to give passengers access to wireless networks and the internet, and the growing adoption of IoT devices to perform functions such as increasing fuel efficiency and automating repairs, as two key avenues that create new vulnerabilities.

Further complicating matters is the challenge of securing remote infrastructure such as airplanes can be cost prohibitive, or impossible, to patch even after discovering a vulnerability.

Airlines also face the cybersecurity talent shortage that plagues so many industries, which makes it difficult to hire the cybersecurity experts they need. According to the (ISC)² 2018 Cybersecurity Workforce Study, the global shortage of cybersecurity experts has reached 2.93 million, posing a growing risk to businesses worldwide struggling to find, hire and retain skilled employees.

Protecting today’s complex infrastructure requires a fundamental change in how the industry approaches security. Airlines can’t stop all malware from getting in, but they can stop damage to infrastructure and data theft using PARANOID’s OS-Centric Positive Security.

El Al Airlines has implemented Nyotron’s PARANOID to prevent malware attempts to exfiltrate, corrupt, encrypt or delete data, corrupt system settings, move laterally or communicate with command and control servers. To learn more, read our airlines industry solution brief, available here.

Improving cybersecurity must be a priority for the airline industry in 2019. The infamous OilRig (aka APT34) nation-state actor used airline passenger data for espionage and target tracking purposes. A chilling session at this year’s Black Hat conference titled “Last Call for SATCOM Security” detailed how some of the largest airlines might have left their entire fleets accessible from the Internet, exposing hundreds of in-flight aircraft. Fortune reported that a DHS official presenting at the 2017 CyberSat Summit cybersecurity conference revealed he had remotely hacked the systems of an airplane parked at the Atlantic City airport. A slide from his presentation warned, “Today’s commercial aviation backbone is built upon a network of trust. Most commercial aircraft currently in use have little to no cyber protections in place.”

Rene Kolga is Senior Director of Product and Marketing at Nyotron, the developer of PARANOID, the industry’s first OS-Centric Positive Security solution to strengthen your AV or NGAV protection. By mapping legitimate operating system behavior, PARANOID understands all the normative ways that may lead to damage and is completely agnostic to threats and attack vectors. When an attack attempts to delete, exfiltrate or encrypt files (among other things), PARANOID blocks them in real-time.