What is a Cyber Threat Landscape?
A cyber threat landscape typically refers to the entirety of potential and identified cybersecurity risks and threats faced by a particular nation, industry or organization (entity). This can include threat actors, attack techniques, vulnerabilities, etc.
Why is it important to understand the cyber threat landscape?
There are many cyber attacks happening around the world [1], and it can be very resource intensive to defend against all of them. Cyber threat landscape analysis makes it possible to identify the cybersecurity risks and threats facing a specific entity, so that resources can be prioritized to focus on implementing the necessary measures to mitigate them.
What does this cyber threat landscape analysis cover?
Firstly, it identifies the trends in cyber threats based on past aviation related cyber incidents and APT [2] campaigns. Secondly, it gives a glimpse of the aviation cyber threat trends in 2023 based on cyber incidents that have occurred to date.
How is this cyber threat landscape analysis conducted?
The analysis is carried out based on 2 sources of information: 1.) past aviation/aerospace related cyber incidents and 2.) past aviation/aerospace Advanced Persistent Threat (APT) campaigns observed from publicly available threat intelligence reports and cyber incident news reports. Some of the threat actors associated with the campaigns are known to target the aviation industry based on open source intelligence (OSINT) [3].
What is the data collection methodology?
For the past aviation/aerospace related cyber incidents, the data was aggregated from the first 10 pages of Google News for the period of 2012 to 2023 [4]. As for the APT campaigns, they were validated against publicly available threat intelligence reports and news from 2010 to 2023.
What are the trends based on the past aviation related cyber incidents and APT campaigns?
1.) Increasing number of cyber incidents.
There is an increasing number of cyber incidents between 2015 and 2023, and this can be attributed to 2 main reasons: 1.) increased connectivity and digitalisation in the aviation/aerospace industry and 2.) increased global geo-political tension. The connectivity of aviation/aerospace systems and networks has increased with the use of wireless communication, internet-enabled devices and cloud computing. While increased connectivity has brought benefits (e.g. improved operational efficiency from real-time data sharing and communication) to the aviation/aerospace industry, it has also provided more entry points for cyber adversaries to exploit. Similarly, the aviation/aerospace industry has become more digitalized, with many of its operations and processes relying heavily on technology and a complex network of digital systems to facilitate smooth operations. This has also made the industry susceptible to cyber attacks [5]. On the other hand, increased global geo-political tension has led to increased cyber attacks (e.g. hacktivism) targeting the aviation/aerospace industry. These cyber attacks seek to disrupt operations or steal sensitive data from the aviation/aerospace industry (e.g. recent attacks on German airports' websites by a pro-Russian hacker group that were alleged to be linked to the Russia-Ukraine conflict [6]).
2.) Geo-political situations can lead to cyber attacks.
The increase in cyber incidents in EMEA in recent years is largely attributed to geo-political tensions (e.g. the Russia-Ukraine conflict).
3.) The majority of the incidents involved airlines and airports.
There were more cyber incidents involving airports and airlines because these two entities generally handle large volumes of high value data, which makes them attractive targets for cyber attacks [5]. The high value data may include passenger information (e.g. flight bookings, passenger names, passport information, etc.) and financial information (such as credit card information).
4.) Ransomware tops the list of cyber incidents that have occurred.
The top attack type observed from the past aviation/aerospace related cyber incidents is the Ransomware attack. This is consistent with the global trend, which sees Ransomware attacks as one of the biggest global cyber threats [7]. This could be because Ransomware is seen as one of the most lucrative forms of cyber attack, forcing the victim organization to pay a ransom to unlock encrypted data or prevent stolen data from being leaked. Second to Ransomware is the DDoS attack, which is largely attributed to the Russia-Ukraine conflict and the targeting of countries supporting Ukraine.
5.) Notable threat actors are attributed to China, Russia and the Middle East, and are mainly hacktivist groups.
6.) The cyber incidents largely involved data breaches, system outages and website outages.
The top 3 direct impacts were observed to be data breaches, system outages and website outages, and the notable impacted systems are as shown below:
7.) Some of the cyber incidents were attributed to security weaknesses within the infrastructures:
What are the insights from the past aviation/aerospace APT campaigns?
1.) The majority of the APT campaigns were attributed to threat actors from China, Iran and Russia.
2.) The motivation of the APT campaigns was mainly Information Theft and Espionage [8][9].
3.) Phishing was the top initial attack vector observed from the campaigns, and this is consistent with the global trend, as humans are seen as the weakest link in an organization's cybersecurity defenses.
4.) The commonly used off-the-shelf tools/malware in the APT campaigns were mainly used for post installation activities in a cyber kill chain [10].
What are the trends in 2023?
DDoS and Ransomware attacks are prevalent in the aviation industry in 2023 to date, with cyber incidents largely happening in EMEA and the majority of the incidents involving airlines and airports. DDoS or Ransomware attacks have a greater impact on airports and airlines because they are considered part of essential services. Any attack on an airport or airline can disrupt air transport.
Conclusion
This analysis aims to give readers an understanding of the cyber threats facing the aviation/aerospace industry, because a cyber attack can disrupt air transport, which is an essential service. Thanks for reading this article, and I hope you find the information useful.
References
[3] (Open source APT information) https://www.ishareinfo.com/apt/
[4] (Python code for scraping news from Google News) https://github.com/cyberanalyst86/googlenewssearch