Ransomware attackers know that industries with the most to lose are often the best targets, since the greater the potential disruption of that industry, the greater their chances of getting paid. It’s why hospitals and health care systems are a target, and schools and even sovereign governments are under constant assault.
One of the least-known yet arguably most at-risk industries is aviation. With aviation in general having a deserved reputation for being behind the times, it’s not surprising that attackers see businesses in this industry as ideal targets.
Notable Attacks Should Heighten Vigilance in the Industry
The vulnerability of an airliner in flight is enough to give any security professional cold sweats at night. The concern is warranted, as there have been several attacks against the aviation industry over the past five years. Two of the most notable instances, although not impacting flights in the air, should be concerning enough to raise alarm bells within the industry.
An attack against Swissport, an airport ground services provider, on Feb. 3, 2022, caused flight delays in Zurich, Switzerland. Also, Brussels Airport was forced to switch to paper manifests. The impacted Swissport system was taken offline (the company didn’t indicate if the ransom was paid or how the issue was resolved).
Spirit Airlines was victimized by the Nefilim ransomware in March 2021. The group stole financial and personal information of customers who had flown on the airline between 2016 and 2021. More than 40GB of data was stolen, containing 33,000 files. These files were later released on the dark web. The ransomware attack used ghost credentials against unpatched systems to penetrate Spirit Airlines’ cybersecurity measures.
Threat Vectors Are Difficult to Close
One of the most vulnerable technology platforms in aviation is booking and ticketing systems. These customer-facing systems are a blend of high-tech, app-based interfaces and legacy mainframes. The necessary communication between these systems opens the door to potential attackers. A contributing factor to this risk is the minimal intrusion detection abilities in the back-end systems.
The Federal Aviation Administration (FAA) and air traffic control (ATC) systems are still heavily reliant on low-tech tower operations in the majority of the nation’s airports. Despite the agency’s efforts, FAA computers have been regularly compromised since 2009.
Although the age of its systems deterred widespread distribution of these attacks, this can’t be counted on for long as attacks become more intelligent and exhibit the ability to cross system architectures.
What Can Be Done?
The FAA now works with the Department of Homeland Security and uses the former’s 2021 security directives to encourage a collaborative effort to keep aviation systems secure. Aviation equipment manufacturers, from aircraft to control systems, are required to provide security updates as part of retaining certification.
Unfortunately, despite these precautions against ransomware incursions into aviation systems, some manufacturers and agencies have been slow to adopt them. And with a new threat of cyber attacks against the U.S. from Russian-backed operatives looming on the horizon, the pace will need to quicken to keep our airports and skies safe.