According to a Eurocontrol report, there has been a significant increase in cyber-attacks against various segments of the aviation industry over the last year.
According to new Eurocontrol data analysing rising levels of risk for the industry from criminals, hackers, and state-sponsored cyber-attackers, commercial airlines accounted for 61 percent of all detected aviation-related cyber-attacks in 2020.
Eurocontrol used data collected from its European Air Traffic Management Computer Emergency Response Team (EATM-CERT) in the latest in a series of Think Papers, which reported a 530 percent increase in the number of cyber-attacks reported to or identified by the team between 2019 and 2020. None of the EATM-CERT-reported cyber-attack methods or attempts were directed directly at safety-critical aircraft systems or passenger mobile devices connected to in-flight internet.
EATM-CERT’s report notes its system identified or received reports on a total of 775 cyber-attacks on airlines over the course of 2020, a significantly higher number than the next two aviation sectors combined, just over 200 for aviation OEMs and 150 for airports.
“The vast majority of these attacks – 95 percent – were financially motivated: 739 out of 775 incidents. This led to financial loss in 55 percent of cases, and the leaking or theft of personal data in an additional 34 percent of cases,” EATM-CERT notes in the report.
Eurocontrol also classified attacks against airlines and others and discovered that, according to 2020 data, attackers overwhelmingly targeted airlines with fraudulent websites and data theft. Researchers blamed the fraudulent website trend on the uncertainty caused by the COVID-19 pandemic, which affected airline ticket changes and refunds.
According to the report, aviation manufacturers are the most targeted for data theft, with 122 of the 206-total reported cyber-attacks against them coming from cybercriminals looking to monetize their intellectual property. According to EATM-CERT, the shift of many OEMs to cloud-based infrastructure to store and access their data is also problematic because it broadens the threat surface by giving attackers multiple devices connected to the same cloud to go after.
The new report also highlights some of the successful attacks against high-profile companies, such as the one against EasyJet, in the U.K., reported in May 2020. This attack exposed the personal information, email addresses, and travel details of 9 million EasyJet passengers.
A chart featured in the new Eurocontrol report shows how the number of cyber-attacks reported to or identified by EATM-CERT. (Eurocontrol)
In March, well-known aviation IT supplier SITA reported that it had been the victim of a cyber-attack involving specific passenger data stored on SITA’s airline passenger service system servers. Although the breach has not yet been quantified, EATM-report CERT’s notes that it could “dwarf the Cathay Pacific incident in terms of millions of exposed records,” referring to a 2018 attack on Cathay Pacific in which 9.4 million passenger records were stolen.
The report also highlights an increase in the number of ransomware attacks (the use of malware to infect a computer or IT system and restrict user access until a ransom is paid). A June 2020 ransomware attack on VT San Antonio Aerospace resulted in the theft of 1.5 terabytes of sensitive data. EATM-CERT also highlights a March 2021 ransomware attack against Spirit Airlines, which the US-based carrier has yet to acknowledge.
“Every week, an aviation actor suffers a ransomware attack somewhere in the world, with big impacts on productivity and business continuity, let alone data loss and/or costly extortion demands paid in order to restart operations,” the EATM-CERT team writes in the report. “To be better prepared to manage a ransomware attack, EATM-CERT has teamed up with A-ISAC, the Aviation Information Sharing and Analysis Centre, on a joint awareness campaign about ransomware to help aviation stakeholders better understand the threat and recommend best practices to reduce risks.”
Researchers at EATM-CERT also advocate for the creation of a new European Aviation Common Public Key Infrastructure that will use digital identification to provide a new secure medium for electronic communications and transactions between European aviation actors.
By Joe Cusmano