As a gateway to the external world, the aviation industry plays a strategic role everywhere. Any mistake in avionics, air-traffic controls, airlines, and airports can be costly.
Even minor errors or oversights may disrupt air-borne or in-space operations, customer services, ticket bookings, in-flight entertainments system, flight checking in and out, and security screening of passengers.
With the introduction of modern IT tools such as IoT devices, machine learning, cloud storage, and cloud computing in the aviation industry, cyber security has become paramount due to its inherent vulnerabilities. Flaws in cyber security can lead to the loss or exposure of stakeholders, staff, and customers’ personally identifiable information, credentials, intellectual properties, and intelligence theft.
Unfortunately, many major threat actors and Advance Persistent Threat (APT) groups very often target aviation infrastructure in collaboration with state actors to steal intellectual property and intelligence to advance their domestic aerospace capabilities and possibly monitor, infiltrate, and subvert other nations’ capabilities.
An attacker with a broad understanding of how an aircraft or aviation system works can successfully disrupt its normal operation. Thus, commensurable cyber defense strategies become imperative. This post will explore some documented cyber threats in the civil aviation industry over the last 20 years (2000-2020).
Slammer Worm attack (USA): A slammer worm attack compromised one of the FAA’s administrative servers. This attack shut down Internet service in some parts of Asia and slowed connections worldwide.
Cyber attack (Alaska, USA): Two separate attacks on US Federal Aviation Administration (FAA) Internet services forced it to shut down some air traffic control systems.
Malicious hacking attack (Oklahoma, USA): When hackers gained control of the FAA’s interconnected networks, they stole the administrative password. They could access over 40,000 login credentials to control a portion of the FAA’s mission-support network by gaining access to the domain controller in the Western Pacific region.
Malicious hacking attack (USA): A malicious hacking attack on FAA’s computer gave them access to the personal data of 48,000 current and former FAA employees.
Malware attack (Istanbul, Turkey): Many flights were delayed due to the malware attack that forced the shutdown of the passport control system at the airports of Istanbul Ataturk and Sabiha Gokcen’s departure terminals.
Hacking and Phishing attacks (USA): Malicious hacking and phishing attacks that targeted about 75 airports. These major cyberattacks were allegedly carried out by an undisclosed nation-state that sought to breach US commercial aviation networks.
DDoS attack (Poland): A Distributed Denial of Service (DDoS) IT Network attack by cyber-criminals that affected LOT Polish Airlines flight-plan systems at the Warsaw Chopin airport. The attack made LOT’s system computers unable to send flight plans to the aircraft, thus grounding at least ten flights and leaving about 1,400 passengers stranded.
Hacking, phishing attacks (Vietnam): Vietnam Airlines’ website and flight information screens in Ho Chi Minh City and the capital, Hanoi, were defaced by pro-Beijing hackers, who displayed messages supporting China’s maritime claims in the South China Sea.
Cyberattack (Boryspil, Ukraine): A malware attack was detected on a computer in the IT network of Kyiv’s main airport, which includes the airport’s air traffic control system.
Human error (United Kingdom): British flag-carrier computer systems failure caused by a contracted engineer’s disconnecting and reconnection of the data-center power supply. This accident left about 75,000 passengers of British Airways stranded.
Data breach (Hong Kong): Cathay Pacific Airways data breach of about 9.4 million customers’ personally identifiable information.
Data breach (United Kingdom): British Airways Data breach of about 380,000 Customers’ personally identifiable information.
Data breach (USA): Delta Air Lines Inc. and Sears Departmental stores reported a data breach of about 100000 customers’ payment information through a third party.
Ransomware attack (Bristol Airport, UK): An attack on Bristol Airport’s electronic flight information screens. As a result, the screen was taken offline and replaced with whiteboard data. This attack had no known negative consequences.
Mobile app data breach (Air Canada): Air Canada reported a breach affecting 20,000 people’s personal information.
Data breach (Washington DC, USA): A data breach on a NASA server led to a possible compromise of employees’ stored personally identifiable information (PII) on October 23, 2018.
Ransomware attack (Chicago, USA): Boeing was hit by the WannaCry computer virus. According to reports, the attack caused minimal damage to the company’s internal systems.
Cyberattack (Sweden): Cyber-attack launched by the Russian APT group (APT28) jammed Sweden’s air traffic control capabilities, grounding hundreds of flights over five days.
Bot attacks (Ben Gurion Airport, Israel): Israel’s airport authority blocked about 3 million bot attacks in a day as they attempted to breach airport systems.
Cyber Incident (Toulouse, France): This incident resulted in unauthorized access to Airbus’s “Commercial Aircraft business” information systems. According to the report on Airbus’ commercial operations, there was no known impact.
Ransomware attack (Albany, USA): Albany International Airport experienced a ransomware attack on Christmas of 2019. The attackers successfully encrypted the entire airport database, forcing the authorities to pay a ransom in exchange for the decryption key to a threat actor.
Crypto mining Malware infection (Europe): A discovery through Cyberbit’s Endpoint Detection and Response (EDR) by Cyberbit researchers showed an installation of crypto mining software infection that infected more than 50% of the European airport workstations.
Phishing attack (New Zealand): A phishing attempt was launched against Air New Zealand Airpoints customers. This attack exposed the personal information of approximately 112,000 customers, including names, details, and Airpoints numbers.
Ransomware attack (Denver, USA): A cyber-incident that involved the attacker accessing and stealing company data. The stolen data were later leaked online.
Ransomware attack (San Antonio, USA): ST Engineering’s aerospace subsidiary in the USA suffered a data breach involving Maze Cyber-criminal gaining unauthorized access to its IT network and thus launching a ransomware attack.