Presentation is loading. Please wait.

Presentation is loading. Please wait.

Threats to the Aviation Sector Stu Solomon, iSIGHT Partners Vice President, Technical Services and Client Operations.

Similar presentations

Presentation on theme: "Threats to the Aviation Sector Stu Solomon, iSIGHT Partners Vice President, Technical Services and Client Operations."— Presentation transcript:

1 Threats to the Aviation Sector Stu Solomon, iSIGHT Partners Vice President, Technical Services and Client Operations

2 iSIGHT Partners 200+ experts, 16 Countries, 24 Languages, 1 Mission 2 Global ReachThreatScape ® - Adversary Focused Intelligence Research: threats, groups; determine/capture motivation and intent Analysis: Fuse knowledge across methods, campaigns, affiliations, historical context Dissemination: Deliver high- fidelity, high-impact, contextual, actionable insights Proven Intelligence Methodology Cyber CrimeCyber Espionage Denial-of-ServiceEnterprise HacktivismIndustrial Control Systems MobileVulnerability and Exploitation

3 iSIGHT Partners Formal Process  Rich, Contextual Threat Intelligence Research Team submits data based on collection requirements set by analysts and customers – tagged with source veracity 2. Analysis Team applies a best- of-breed methodology to fuse all- source intelligence into validated reporting linked to indicators 3. Customer feedback and ad-hoc requests for information complete the loop of a dynamic information collection process iSIGHT Partners Analysis Team iSIGHT Partners Customers Research Repository Human Intelligence Open Sources Community Engagement Underground Marketplaces Technical Sources Human Intelligence Open Sources Community Engagement Underground Marketplaces Technical Sources iSIGHT Partners Research Team

4 Todays Global Threat Landscape  Active & Global – Transcends Geographies and Sectors  Multiple Motivations – Cyber Crime, Espionage, Hacktivism, Destruction, etc.  Low Barriers for Entry – Actors use tools that work; not necessarily sophisticated methods – Open marketplace providing capabilities  Structured & Vibrant – Ecosystem providing better tools, infrastructure, sharing ideas and methods, pooling resources 4

5 The Threat Focus Trap Cross-Over Attacks Zeus Trojan: – Most Popular Credential Collection Malware – Originally Created by Russian Cyber Criminals – Cross-over to Cyber Espionage – Multiple benefits DarkComet & University of Washington – Key logging trojan affiliated with cyber espionage campaigns with a nexus to Iran – Cross-over to cyber crime – Ultimate goal: compromise financial credentials or personally identifiable information (PII) to perform fraud or identity theft 5

6 Multiple Adversary Motivations Aviation Sector Threats 6

7 Cyber Espionage 7  Competitive Advantage – Targets aviation and aerospace engineering firms – Locates intellectual property for commercial or military advantage  Locational Info of Dissidents – Travel dates and location information on individuals of interest

8 China: National Priorities and Targeting Internal Security A. Maintaining the regime B. Separatist/Splitists 2. External Security A. Regional threats B. Global security C. Military modernization 3. Economic Growth A. Energy Development and Conservation B. New-Generation IT Industry C. Biology Industry D. High-End Equipment Manufacturing E. New Energy

9 Chinese Teams – Conference Crew 9  Highly focused on Defense Industrial Base  Identifiable by unique malware/infrastructure  Targeting of US and Taiwan  Uses conference attendee lists – Military events – Vendors lists

10 Cyber Crime: Credential and Identity Theft  Airline-Themed Phishing – Fake offers for discounted airline tickets – Lures for the installation of credential theft malware  Monetization Method – Airlines abused as a cash-out function to support other criminal schemes – Actors may compromise airline systems directly 10

11 Targeted Lures 11  AIAA materials used to entice recipients to click on malware embedded s  Asprox malware campaign  Credential theft

12 Hacktivism: Harassment  Hacktivists may target aerospace engineering firms for the promotion of ideological/political beliefs  Commercial aviation is generally less affected by this type of actor 12

13 Hacktivism: Disruption & Destruction  Terrorism – This remains theoretical at this time – Control of aviation industrial control systems could be used to enable kinetic attacks – Hacktivists engage in information gathering  Conduct an attack  Monitor persons of interest 13

14 ADS-B Vulnerabilities 14  The Automatic Dependent Surveillance- Broadcast (ADS-B) system is subject to spoofing attacks.  Multiple spoofing operations possible: – Scenario 1: An ADS-B system could be spoofed to generate a false hijacking code, one that could then be rescinded and creating a conflicting picture. – Scenario 2: An ADS-B spoofing operation could generate a screen full of fake (ghost image) aircraft heading toward a private jet, while a regular radar signal from the vicinity of the jet shows a perfectly normal situation.

15 Additional Risks  Availability of 3 rd Party Information – The Impact of Published Vulnerability Research  Common set of standards, international policy – Shared responsibility between governments, airlines, airports, and manufacturers  Access Control – Insider Threat – Part of an ecosystem; Internet connectivity  Balance Safety and Security 15

16 Challenges to the Aviation Industry 16  Many victims of economic espionage are unaware of the crime until years after loss of the information – Inadequate or non-existent monitoring and incident response to even detect activity  Most companies don’t report intrusions in fear it could tarnish a company’s reputation  Won’t accuse corporate rivals or foreign governments of stealing its secrets due to fear of offending potential customers and partners  Hard to assign monetary value to some types of information  Many CIOs don’t focus on cyber security and are unaware of the true threats

17 Lessons Learned From Other Industries  Establish strong information sharing protocols  Drive Public/Private Partnership  Enable a culture of (Information) Security  Change the conversation to include business context  Employ basic information security hygiene  Continuously seek to understand the evolving threat  Recognize that you are not unique  Understand third party connections  Agree on standards and support them as a community 17

18 iSIGHT Partners Questions? Website: Information: 18

Download ppt "Threats to the Aviation Sector Stu Solomon, iSIGHT Partners Vice President, Technical Services and Client Operations."

Similar presentations

Ads by Google