Headlines about cyberattacks have become dangerously common. The last decade has seen an increase in attacks across different industries, companies, and infrastructures, and the aviation industry is no exception. In the aftermath of the COVID-19 pandemic, the industry has seen a significant rise in cyber attacks, with an average of 50 cyberattacks each year since 2020, and 50 attacks in the first two-thirds of 2022. In aviation, cybersecurity is the need of the hour.
The aviation industry has access to a huge volume of sensitive information including passport and payment information, making it a hot target for cybercriminals. While data security in aviation is definitely a top concern, a much larger threat looms: The risk to crew and passenger safety. The avionic systems used on aircraft include various equipment to control communication, navigation, flight controls, anti-collision systems, etc. A breach of any of these could be catastrophic, potentially leading to hijacking or even a crash.
The modus operandi of malware attacks and risks
The aviation industry is a largely interconnected network, spanning across various sectors and stakeholders, and each one is a potential entry point for attackers. Key elements like the reservation systems, digital air traffic controls, in-flight entertainment devices, cabin crew devices, cockpit instruments, cargo handling, amongst others, are all highly vulnerable to attacks.
Furthermore, airlines are increasingly looking for ways to reduce costs and improve efficiency by adopting advanced technologies across all functions. This leads to the outsourcing of IT departments and systems to third-party vendors and relying on commercial off-the-shelf (COTS) software. But third party systems and software do not always have reliable and robust security, leaving them more prone to attacks.
There are several types of cyberattacks that can affect the aviation industry; here are some of the most common.
- Ransomware attacks: In these attacks, criminals gain access to a part or whole of the airline's computer systems and hold it hostage until a ransom is paid. It is imperative that access to crucial data and system controls is restored before catastrophic damage can occur to flight operations. It is also essential to mitigate the risk of data loss, as it will have a huge effect on flight operations and business continuity.
- Data theft: These attacks involve the unauthorized copying, viewing, or transmitting of information, and continue to be the most common cyberattack in aviation. A huge breach occurred in 2021, when a global IT supplier to multiple airlines was hacked. The intruder accessed the data of millions of passengers, including information like login details, names, home addresses, credit card information, etc.
- Denial of Service (DoS) attacks: DoS and Distributed Denial of Service (DDoS) attacks are malicious cyberattacks that intend to flood the victim’s network with unwanted internet traffic. This disrupts the normal functioning of an online service, network resource, or host machine, rendering it unavailable. The most recent example of DoS attack on aviation occurred in October 2022, when the websites of airports in Chicago, Los Angeles, and New York, among others, were inaccessible to passengers looking for flight details and other information.
- Phishing attacks: In these attacks, hackers typically defeat or surpass the system’s spam and malware filters to gain network access. These have become increasingly common since the COVID-19 pandemic, wherein attackers pose as airlines and dupe passengers by claiming to offer refunds for cancelled flights.
- Hacking into the critical avionics and other systems: As mentioned earlier, the avionic systems used on the aircraft include various equipment to control communication, navigation, flight controls, anti-collision systems, etc. Any attempt to hack these can have grievous ramifications.
Major cyberattacks on aviation
Since the pandemic, the aviation industry has experienced a wave of cyberattacks. Some of the most notable include:
- In 2022, a low-cost airline in India fell prey to a ransomware attack that led to the delayed departures of several flights. While the airline was able to contain and rectify the situation and resume operations within a few hours, it left many passengers stranded at different airports. Some passengers took to Twitter to point out the chaos caused at the airports. The situation also threw light on the fact that while IT teams try to resolve the issue at the back end, it is equally crucial to train the ground staff and in-flight staff to handle such situations effectively.
- In April 2022, a Canadian airline faced a cyberattack that caused flight delays and operational glitches for five days. The attack was reportedly due to a data breach at the company’s third-party service provider, which provides passenger management software solutions (e.g. check-in and boarding) for the airlines. Without the check-in systems in place, the airlines were forced to process flights, fill out boarding passes, and check in passengers manually.
- In February 2021, one of the largest aviation IT companies that caters for nearly 90% of airlines globally with its in-house Passenger Service System, was hit by a massive cyberattack in which hackers targeted servers containing personal data records of passengers dating back to a decade. The IT company revealed that several major airlines were affected, including an Indian airline company that reported the personal data of nearly 4.5 million passengers were compromised.
- A British airline company fell prey to one of the biggest cyberattacks in 2020, when the personal data of nearly 9 million customers, including the credit card information of 2,000+ customers, was compromised. To make matters worse, the airline notified its customers about the attack nearly four months after the attack. The company received major backlash and is now facing a class-action lawsuit seeking around £18 billion in damages.
- In 2018, the largest British airline company had a major data breach in which the personal data of over 400,000 customers and staff were compromised. The breached data included names, addresses, and credit card information. An investigation was conducted by the Information Commissioner's Office (ICO), which found that the breach occurred due to inadequate security measures taken by the airlines to protect its customers’ data. As a result, the British airline company was fined a whopping £20 million.
It is clear that cyberattacks in aviation can be disastrous. The consequences range from minor inconveniences to severe operational disruptions, and involve the breach of personal data of the customers and staff, huge financial losses to the airlines, and ultimately a threat to life in the event of a hijack or crash.
While the aviation industry continues to adopt advanced systems in an attempt to increase efficiency and deliver improved passenger experiences, each technological advancement is a potential entry point for attackers. Aviation should take the following security measures:
- It is imperative to have robust cyber security protocols in place across all key entities.
- Using up-to-date systems and software, with regular checks for vulnerabilities.
- Assessing all aviation applications regularly for vulnerabilities, including in-flight and cockpit devices.
- Securing access to network devices and systems by protecting the endpoints with endpoint management solutions.
- Using multi-factor authentication for identity and access management.
- Using encryption techniques across different systems. End-to-end encryption for all sensitive data helps ensure protection of customer and employee data, including banking and payment information, personal IDs, and passport information. Encrypting real-time communications between aircraft and ground-based air traffic control systems is also crucial.
- Companies must strive to attain cyber resilience, i.e. the ability to predict and mitigate risks, to detect and respond to threats at the earliest, and also to recover from any attacks with minimal losses.
- Artificial intelligence and machine learning can also create greater and more sophisticated protection against the ever-growing cybersecurity threats. For example, AI-enabled security systems can learn and recognize patterns and easily identify any suspicious activity.
- Threat intelligence and incident response help with detecting potential threats in advance and taking proactive measures to contain and respond to threats.
- Predictive analytics help predict the likelihood of different threat attacks and scenarios and mitigate the risk.
The world of aviation technology is constantly evolving. As technologies continue to emerge, so do new threats, and the aviation cybersecurity ecosystem needs to keep up. Our SIEM solution, ManageEngine Log360, helps prevent attacks by detecting any unusual events or activities and initiating automatic remediation processes. To see how Log360 can help your organization defend against cyberattacks, sign up for a free, personalized demo.