Separating Speculation from Situational Awareness in the Aviation Threat Landscape
Aviation as a Target
As passenger numbers recover from the pandemic, companies are dusting off investment plans in their digital infrastructure in an increasingly hostile threat landscape. Prior to the pandemic, roughly $899 billion was spent on air transport worldwide, amounting to $2.7 trillion in global economic impact. Likewise, global commercial airlines reported $865 billion in revenue, a potential gold mine for malicious actors.
The introduction of global lockdown measures to thwart the spread of the novel Coronavirus caused an unprecedented collapse in global mobility, resulting in a 74% plummet in international tourist arrivals, a loss of an estimated 62 million jobs worldwide, and a $4.5 trillion drop in the Travel and Tourism sector’s contribution to global Gross Domestic Product (GDP).
The key role aviation plays in economic security, passenger travel, and global trade, in conjunction with its status as an industry that collects, transmits, and hosts vast amounts of Personally Identifiable Information (PII) and financial data, marks the aviation sector as an enduring high-value target for both state-sponsored and criminal actors.
Depending on the sophistication, scale and frequency of attacks, cyber incidents in this space have the potential to compromise or expose passenger or employee data, disrupt critical services, damage or destroy highly specialized equipment, and may ultimately result in the loss of human life. Simply put, the stakes couldn’t be higher.
The challenge is amplified by the range of services and companies that are part of the supply chain for the airline and transport industry, with travel companies, airport logistics, cargo, in-flight entertainment, and catering services extending the attack surface available for attackers to probe for potential weaknesses.
Today, the rapid adoption of new ‘seamless’ technologies into the ecosystem of the air transport sector is giving way to an emerging extension of a global landscape that is already under siege. Defending digital territory of this magnitude takes actionable insight.
Whether the services are provided by wholly owned subsidiaries or key suppliers, the customer data that flows through the ecosystem to provide a seamless customer experience needs to be secured and monitored to ensure a breach does not disrupt passenger journeys, damage passenger confidence, or incur significant fines.
Staying Airborne During the Pandemic
To keep the collective industry afloat, individual nation-states devoted more than $243 billion to support the preservation and advancement of their respective air transport enterprises and chosen national champions. Meanwhile, the global air transport industry sought out new digital solutions to adapt to new health and safety standards.
To reduce restrictions on travel impeding the recovery of international tourism, the aviation industry accelerated the fielding of new Digital Travel Credentials (DTCs) to enable passengers to securely authenticate, store, and communicate valid travel documents and vaccination requirements. Likewise, to personalize passenger experiences and directly deliver targeted content to consumers, airlines embraced the rapid proliferation of new carrier-specific New Distribution Capabilities (NDCs).
Ready to take full advantage of developing technology in the industry, malicious actors orient and adapt attack techniques to exploit emerging trends. In the case of Digital Travel Credentials, between January 2021 and February 2022, IBM X-Force uncovered more than 100 doppelganger webpages impersonating authentic National Public Health Authority (NPHA) websites issuing COVID-19 DTCs. The actor-controlled sites imitate government Ministries of Health, and similar NPHAs from over 10 countries, harvesting user credentials and generating fraudulent certificates.
IBM X-Force Research: Dredging the Dark Web
Dredging the dark web, X-Force uncovered several instances where criminal actors posted enticing advertisements containing links promising access to application downloads related to Departure Control Systems, Flight Management Computer, and Flight Management Systems. The posts claim to have information regarding cargo flight timetables covering international air, as well as codeshare information. Those who take the bait do not land on the app, but instead find themselves on a SecureFiles page, leading to a “Download” button, likely enabled to harvest credentials.
In the almost-anonymous non-indexed space, criminals bring their data to sell (or make freely available) on file-sharing sites, forums, and underground markets. Researching the new NDC apps in the air transport environment, X-Force unearthed potential log sales for at least 6 International Air Transport Association (IATA) accredited level 3 and 4 organizations, as well as databases for airlines providing charter domestic, international passenger, and cargo services. Further searches yielded more furtive aviation-related data such as cockpit recordings, flight records, information regarding directors of flight operations, and licensing information for individual air transport pilots, all potentially posing a significant risk to airlines.
While our IBM X-Force team researchers monitor the dark recesses of the internet for evidence of breach and emerging threats, our IBM security consultants are supporting clients around the globe in securing their infrastructure, applications, and workforce. They do so by using the principles of Zero Trust when migrating critical data and services to the cloud, transforming and accelerating application development by implementing DevSecOps practices and tooling to build security in at the beginning, and transforming the culture and awareness of security from the board room to the check-in desk. As a key transformation partner helping our clients secure their Hybrid Cloud journey, IBM has unique insight into the challenges facing the industry, and services and solutions to support them.
To hear more about the threats and challenges facing the airline and travel industry, please join IBM at the cybersecurity panel: “How can we increase cyber resilience and reduce the business impact of cyber risk in the aviation industry?”
The event takes place at 12:35 on the 6th of October within the World Aviation Festival Event. You’ll get a look into the cost of a data breach in the aviation industry, learn how to assess, reduce, and manage industry risk, and learn about your peers’ experiences with building resiliency to mitigate impact and cyber risk.
Article by IBM