Slide 1: Threats to the Aviation Sector
Stu Solomon, iSIGHT Partners, Vice President, Technical Services and Client Operations
Slide 2: iSIGHT Partners
200+ experts, 16 countries, 24 languages, 1 mission: global reach.
ThreatScape® - Adversary Focused Intelligence, covering: Cyber Crime, Cyber Espionage, Denial-of-Service, Enterprise, Hacktivism, Industrial Control Systems, Mobile, Vulnerability and Exploitation.
Proven Intelligence Methodology:
- Research: threats, groups; determine/capture motivation and intent
- Analysis: fuse knowledge across methods, campaigns, affiliations, historical context
- Dissemination: deliver high-fidelity, high-impact, contextual, actionable insights
Slide 3: iSIGHT Partners Formal Process - Rich, Contextual Threat Intelligence
Sources: Human Intelligence, Open Sources, Community Engagement, Underground Marketplaces, Technical Sources
Flow: iSIGHT Partners Research Team -> Research Repository -> iSIGHT Partners Analysis Team -> iSIGHT Partners Customers
1. Research Team submits data based on collection requirements set by analysts and customers, tagged with source veracity
2. Analysis Team applies a best-of-breed methodology to fuse all-source intelligence into validated reporting linked to indicators
3. Customer feedback and ad-hoc requests for information complete the loop of a dynamic information collection process
Slide 4: Today's Global Threat Landscape
- Active and global: transcends geographies and sectors
- Multiple motivations: cyber crime, espionage, hacktivism, destruction, etc.
- Low barriers for entry: actors use tools that work, not necessarily sophisticated methods; an open marketplace provides capabilities
- Structured and vibrant: an ecosystem providing better tools and infrastructure, sharing ideas and methods, pooling resources
Slide 5: The Threat Focus Trap - Cross-Over Attacks
Zeus Trojan:
- Most popular credential collection malware
- Originally created by Russian cyber criminals
- Cross-over to cyber espionage
- Multiple benefits: proven effective, readily available, novel use provides obfuscation
- Chronology: developed in 2006 with a focus on online banking credentials and credit card data; between 2009 and 2012 espionage actors used it to target USG agencies and the DIB via spearphishing
DarkComet and the University of Washington:
- Key-logging trojan affiliated with cyber espionage campaigns with a nexus to Iran
- Cross-over to cyber crime
- On Feb. 7, 2014, a sensitive source reported that a faculty webpage at the University of Washington was hosting a lure page and an associated malicious payload
- Decryption and analysis of the payload revealed strings identifying the trojan as DarkComet
- The ultimate goal in this campaign most likely was to compromise financial credentials or personally identifiable information (PII) to perform fraud or identity theft
Slide 7: Cyber Espionage
- Motivation: competitive advantage. Target: aviation and aerospace engineering firms. Goal: locate intellectual property for commercial or military advantage.
- Motivation: location information on dissidents. Information commercial airlines may possess, including travel dates and location information on individuals of interest (for example, political dissidents), may also represent a high-value target of interest to such actors.
Slide 8: China: National Priorities and Targeting
- Internal security: maintaining the regime; separatists/splitists
- External security: regional threats; global security; military modernization
- Economic growth: energy development and conservation; new-generation IT industry; biology industry; high-end equipment manufacturing; new energy
Slide 9: Chinese Teams – Conference Crew
- Highly focused on the Defense Industrial Base
- Identifiable by unique malware/infrastructure
- Targeting of the US and Taiwan
- Uses conference attendee lists, military events, vendor lists
Slide 10: Cyber Crime: Credential and Identity Theft
- Airline-themed phishing: fake offers for discounted airline tickets; lures for the installation of credential-theft malware
- Monetization method: airlines abused as a cash-out function to support other criminal schemes; actors may compromise airline systems directly
Slide 11: Targeted Lures
- AIAA materials used to entice recipients to click on malware embedded s
- Asprox malware campaign
- Credential theft
Slide 12: Hacktivism: Harassment
- Hacktivists may target aerospace engineering firms for the promotion of ideological/political beliefs
- Commercial aviation is generally less affected by this type of actor
Slide 13: Hacktivism: Disruption and Destruction
- Terrorism: this remains theoretical at this time
- Control of aviation industrial control systems could be used to enable kinetic attacks
- Hacktivists engage in information gathering: conduct an attack; monitor persons of interest
Slide 14: ADS-B Vulnerabilities
The Automatic Dependent Surveillance-Broadcast (ADS-B) system is subject to spoofing attacks. Multiple spoofing operations are possible:
- Scenario 1: An ADS-B system could be spoofed to generate a false hijacking code, one that could then be rescinded, creating a conflicting picture.
- Scenario 2: An ADS-B spoofing operation could generate a screen full of fake (ghost image) aircraft heading toward a private jet, while a regular radar signal from the vicinity of the jet shows a perfectly normal situation.
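Both scenarios share a defensive check that the slide implies but does not spell out: because ADS-B reports are self-declared and carry no authentication, a ground system should corroborate them against an independent sensor and against the report's own history before acting on them. The following is an added illustration, not code from the presentation or from iSIGHT Partners; the track data and radar contacts are constructed, and the one-nautical-mile correlation radius and 60-second window are assumed thresholds.

```python
import math
from dataclasses import dataclass

# Constructed sample data (not from the presentation): one snapshot of ADS-B
# position reports and the independent primary-radar contacts for the same area.
@dataclass(frozen=True)
class Track:
    icao: str      # 24-bit aircraft address as hex (constructed values)
    lat: float
    lon: float
    squawk: str    # transponder code carried with the report

ADSB_TRACKS = [
    Track("A1B2C3", 47.45, -122.30, "1200"),
    Track("A1B2C4", 47.48, -122.25, "1200"),  # no radar return: ghost candidate
    Track("A1B2C5", 47.50, -122.22, "1200"),  # no radar return: ghost candidate
    Track("D4E5F6", 47.60, -122.33, "7500"),  # hijack code; see squawk history below
]
RADAR_CONTACTS = [(47.451, -122.301), (47.601, -122.331)]  # (lat, lon), constructed

def distance_nm(lat1, lon1, lat2, lon2):
    """Great-circle distance in nautical miles (haversine)."""
    r_nm = 3440.065
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * r_nm * math.asin(math.sqrt(a))

def ghost_tracks(adsb, radar, max_nm=1.0):
    """Return ADS-B tracks with no independent radar contact within max_nm.
    A track that only ADS-B reports and no radar sees is flagged for
    controller review rather than trusted (the scenario 2 pattern)."""
    return [t for t in adsb
            if not any(distance_nm(t.lat, t.lon, rlat, rlon) <= max_nm
                       for rlat, rlon in radar)]

def unstable_hijack_code(squawk_history, window_s=60):
    """squawk_history: list of (timestamp_s, squawk) for one aircraft, in order.
    Flag a 7500 (hijack) code that is set and then rescinded within window_s,
    the conflicting-picture pattern of scenario 1. Threshold is an assumption."""
    set_at = None
    for ts, code in squawk_history:
        if code == "7500":
            if set_at is None:
                set_at = ts
        elif set_at is not None:
            if ts - set_at <= window_s:
                return True
            set_at = None
    return False
```

Flagged tracks are an input to human review and to alerting, not an automatic decision; a genuine emergency that is cleared quickly would also trip the squawk check.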
Slide 15: Additional Risks
- Availability of third-party information
- The impact of published vulnerability research: update difficulties intrinsic to many control system components and software mean that even vulnerabilities found through legitimate security research often lead to increased threats
- Common set of standards, international policy: a shared responsibility between governments, airlines, airports, and manufacturers. “Ensuring a secured aviation system and staying ahead of evolving cyber threats is a shared responsibility, involving governments, airlines, airports, and manufacturers. It is critical that all of these members adopt a collaborative, risk-informed decision-making model to set goals and define a cybersecurity framework and roadmap to strengthen the aviation system’s resilience against attacks.” (The Connectivity Challenge: Protecting Critical Assets in a Networked World, page 5)
- Access control: “Security of an airplane, hence, includes the ability to ensure that both data and the operational capabilities of the aircraft can only be accessed when authorized, and further, that, security of a system installed in an airplane includes the ability to ensure that both data and the operational capabilities of the system can only be accessed when authorized.” (Cyber Security for Aeronautical Networked Platforms – What does it mean to me in commercial aviation design?, page 8)
- Insider threat
- Part of an ecosystem; Internet connectivity
- Balance safety and security
Slide 16: Challenges to the Aviation Industry
- Many victims of economic espionage are unaware of the crime until years after the loss of the information
- Inadequate or non-existent monitoring and incident response, even to detect activity
- Most companies don’t report intrusions for fear it could tarnish the company’s reputation
- Companies won’t accuse corporate rivals or foreign governments of stealing their secrets for fear of offending potential customers and partners
- Hard to assign monetary value to some types of information
- Many CIOs don’t focus on cyber security and are unaware of the true threats
Slide 17: Lessons Learned From Other Industries
- Establish strong information sharing protocols
- Drive public/private partnership
- Enable a culture of (information) security
- Change the conversation to include business context
- Employ basic information security hygiene
- Continuously seek to understand the evolving threat
- Recognize that you are not unique
- Understand third-party connections
- Agree on standards and support them as a community