Threats to the Aviation Sector


1 Threats to the Aviation Sector
Stu Solomon, iSIGHT Partners Vice President, Technical Services and Client Operations

2 iSIGHT Partners 200+ experts, 16 Countries, 24 Languages, 1 Mission
Global Reach
ThreatScape® - Adversary Focused Intelligence
- Cyber Crime
- Cyber Espionage
- Denial-of-Service
- Enterprise
- Hacktivism
- Industrial Control Systems
- Mobile
- Vulnerability and Exploitation
Proven Intelligence Methodology
- Research: threats, groups; determine/capture motivation and intent
- Analysis: Fuse knowledge across methods, campaigns, affiliations, historical context
- Dissemination: Deliver high-fidelity, high-impact, contextual, actionable insights

3 iSIGHT Partners Formal Process → Rich, Contextual Threat Intelligence
Human Intelligence, Open Sources, Community Engagement, Underground Marketplaces, Technical Sources
iSIGHT Partners Research Team, Research Repository, iSIGHT Partners Analysis Team, iSIGHT Partners Customers
1. Research Team submits data based on collection requirements set by analysts and customers – tagged with source veracity
2. Analysis Team applies a best-of-breed methodology to fuse all-source intelligence into validated reporting linked to indicators
3. Customer feedback and ad-hoc requests for information complete the loop of a dynamic information collection process

4 Today's Global Threat Landscape
- Active & Global
  - Transcends Geographies and Sectors
- Multiple Motivations
  - Cyber Crime, Espionage, Hacktivism, Destruction, etc.
- Low Barriers for Entry
  - Actors use tools that work; not necessarily sophisticated methods
  - Open marketplace providing capabilities
- Structured & Vibrant
  - Ecosystem providing better tools, infrastructure, sharing ideas and methods, pooling resources

5 The Threat Focus Trap: Cross-Over Attacks
Zeus Trojan: Most Popular Credential Collection Malware
- Originally Created by Russian Cyber Criminals
- Cross-over to Cyber Espionage
- Multiple benefits: proven effective, readily available, novel use provides obfuscation
- Chronology:
  - Developed in 2006 with focus on online banking credentials and credit card data
  - Between 2009 and 2012, espionage actors used it to target USG Agencies and DIB via spearphishing
DarkComet & University of Washington
- Key logging trojan affiliated with cyber espionage campaigns with a nexus to Iran
- Cross-over to cyber crime
- Feb. 7, 2014, a sensitive source reported that a faculty webpage at the University of Washington was hosting a lure page and an associated malicious payload
- Decryption and analysis of the payload revealed strings identifying the Trojan as DarkComet
- The ultimate goal in this campaign most likely was to compromise financial credentials or personally identifiable information (PII) to perform fraud or identity theft.

6 Aviation Sector Threats
Multiple Adversary Motivations: Hacktivism, Cyber Crime, Cyber Espionage

7 Cyber Espionage
Motivation: Competitive Advantage
- Target: aviation and aerospace engineering firms
- Goal: locate intellectual property for commercial or military advantage.
Motivation: Location Info on Dissidents
- Information commercial airlines may possess, including travel dates and location information on individuals of interest (for example, political dissidents), may also represent a high value target of interest to such actors.

8 China: National Priorities and Targeting
- Internal Security
  - Maintaining the regime
  - Separatist/Splitists
- External Security
  - Regional threats
  - Global security
  - Military modernization
- Economic Growth
  - Energy Development and Conservation
  - New-Generation IT Industry
  - Biology Industry
  - High-End Equipment Manufacturing
  - New Energy

9 Chinese Teams – Conference Crew
- Highly focused on Defense Industrial Base
- Identifiable by unique malware/infrastructure
- Targeting of US and Taiwan
- Uses conference attendee lists
- Military events
- Vendors lists

10 Cyber Crime: Credential and Identity Theft
- Airline-Themed Phishing
  - Fake offers for discounted airline tickets
  - Lures for the installation of credential theft malware
- Monetization Method
  - Airlines abused as a cash-out function to support other criminal schemes
  - Actors may compromise airline systems directly

11 Targeted Lures
- AIAA materials used to entice recipients to click on malware-embedded emails
- Asprox malware campaign
- Credential theft

12 Hacktivism: Harassment
- Hacktivists may target aerospace engineering firms for the promotion of ideological/political beliefs
- Commercial aviation is generally less affected by this type of actor

13 Hacktivism: Disruption & Destruction
- Terrorism
  - This remains theoretical at this time
  - Control of aviation industrial control systems could be used to enable kinetic attacks
- Hacktivists engage in information gathering
  - Conduct an attack
  - Monitor persons of interest

14 ADS-B Vulnerabilities
The Automatic Dependent Surveillance-Broadcast (ADS-B) system is subject to spoofing attacks. Multiple spoofing operations are possible:
- Scenario 1: An ADS-B system could be spoofed to generate a false hijacking code, one that could then be rescinded, creating a conflicting picture.
- Scenario 2: An ADS-B spoofing operation could generate a screen full of fake (ghost image) aircraft heading toward a private jet, while a regular radar signal from the vicinity of the jet shows a perfectly normal situation.

15 Additional Risks
- Availability of 3rd Party Information
- The Impact of Published Vulnerability Research
  - Update difficulties intrinsic to many control system components and software mean that even vulnerabilities found through legitimate security research often lead to increased threats
- Common set of standards, international policy
  - Shared responsibility between governments, airlines, airports, and manufacturers
  - “Ensuring a secured aviation system and staying ahead of evolving cyber threats is a shared responsibility, involving governments, airlines, airports, and manufacturers. It is critical that all of these members adopt a collaborative, risk-informed decision-making model to set goals and define a cybersecurity framework and roadmap to strengthen the aviation system’s resilience against attacks.” —The Connectivity Challenge: Protecting Critical Assets in a Networked World, page 5
- Access Control
  - “Security of an airplane, hence, includes the ability to ensure that both data and the operational capabilities of the aircraft can only be accessed when authorized, and further, that, security of a system installed in an airplane includes the ability to ensure that both data and the operational capabilities of the system can only be accessed when authorized.” —Cyber Security for Aeronautical Networked Platforms – What does it mean to me in commercial aviation design?, page 8
- Insider Threat
- Part of an ecosystem; Internet connectivity
- Balance Safety and Security

16 Challenges to the Aviation Industry
- Many victims of economic espionage are unaware of the crime until years after loss of the information
- Inadequate or non-existent monitoring and incident response to even detect activity
- Most companies don’t report intrusions for fear it could tarnish the company’s reputation
- Won’t accuse corporate rivals or foreign governments of stealing their secrets due to fear of offending potential customers and partners
- Hard to assign monetary value to some types of information
- Many CIOs don’t focus on cyber security and are unaware of the true threats

17 Lessons Learned From Other Industries
- Establish strong information sharing protocols
- Drive Public/Private Partnership
- Enable a culture of (Information) Security
- Change the conversation to include business context
- Employ basic information security hygiene
- Continuously seek to understand the evolving threat
- Recognize that you are not unique
- Understand third party connections
- Agree on standards and support them as a community

18 Questions? iSIGHT Partners Website: www.isightpartners.com
Information:

