Threats to the Aviation Sector
Stu Solomon, iSIGHT Partners
Vice President, Technical Services and Client Operations

iSIGHT Partners
200+ experts, 16 Countries, 24 Languages, 1 Mission
www.isightpartners.com
Global Reach
ThreatScape® - Adversary Focused Intelligence
• Cyber Crime
• Cyber Espionage
• Denial-of-Service
• Enterprise
• Hacktivism
• Industrial Control Systems
• Mobile
• Vulnerability and Exploitation
Proven Intelligence Methodology
• Research: threats, groups; determine/capture motivation and intent
• Analysis: Fuse knowledge across methods, campaigns, affiliations, historical context
• Dissemination: Deliver high-fidelity, high-impact, contextual, actionable insights

iSIGHT Partners
Formal Process: Rich, Contextual Threat Intelligence
1. Research Team submits data based on collection requirements set by analysts and customers – tagged with source veracity
2. Analysis Team applies a best-of-breed methodology to fuse all-source intelligence into validated reporting linked to indicators
3. Customer feedback and ad-hoc requests for information complete the loop of a dynamic information collection process
iSIGHT Partners Analysis Team
iSIGHT Partners Customers
Research Repository
• Human Intelligence
• Open Sources
• Community Engagement
• Underground Marketplaces
• Technical Sources
iSIGHT Partners Research Team

Today's Global Threat Landscape
• Active & Global
  – Transcends Geographies and Sectors
• Multiple Motivations
  – Cyber Crime, Espionage, Hacktivism, Destruction, etc.
• Low Barriers for Entry
  – Actors use tools that work; not necessarily sophisticated methods
  – Open marketplace providing capabilities
• Structured & Vibrant
  – Ecosystem providing better tools, infrastructure, sharing ideas and methods, pooling resources

The Threat Focus Trap: Cross-Over Attacks
• Zeus Trojan:
  – Most Popular Credential Collection Malware
  – Originally Created by Russian Cyber Criminals
  – Cross-over to Cyber Espionage – Multiple benefits
• DarkComet & University of Washington
  – Key logging trojan affiliated with cyber espionage campaigns with a nexus to Iran
  – Cross-over to cyber crime – Ultimate goal: compromise financial credentials or personally identifiable information (PII) to perform fraud or identity theft

Aviation Sector Threats
Multiple Adversary Motivations
• Cyber Crime
• Hacktivism
• Cyber Espionage

Cyber Espionage
• Competitive Advantage
  – Targets aviation and aerospace engineering firms
  – Locates intellectual property for commercial or military advantage
• Locational Info of Dissidents
  – Travel dates and location information on individuals of interest

China: National Priorities and Targeting
1. Internal Security
   A. Maintaining the regime
   B. Separatists/Splittists
2. External Security
   A. Regional threats
   B. Global security
   C. Military modernization
3. Economic Growth
   A. Energy Development and Conservation
   B. New-Generation IT Industry
   C. Biology Industry
   D. High-End Equipment Manufacturing
   E. New Energy

Chinese Teams – Conference Crew
• Highly focused on Defense Industrial Base
• Identifiable by unique malware/infrastructure
• Targeting of US and Taiwan
• Uses conference attendee lists
  – Military events
  – Vendor lists

Cyber Crime: Credential and Identity Theft
• Airline-Themed Phishing
  – Fake offers for discounted airline tickets
  – Lures for the installation of credential theft malware
• Monetization Method
  – Airlines abused as a cash-out function to support other criminal schemes
  – Actors may compromise airline systems directly

Targeted Lures
• AIAA materials used to entice recipients to click on malware-embedded emails
• Asprox malware campaign
• Credential theft

Hacktivism: Harassment
Hacktivists may target aerospace engineering firms for the promotion of ideological/political beliefs
Commercial aviation is generally less affected by this type of actor

Hacktivism: Disruption & Destruction
• Terrorism
  – This remains theoretical at this time
  – Control of aviation industrial control systems could be used to enable kinetic attacks
  – Hacktivists engage in information gathering
    • Conduct an attack
    • Monitor persons of interest

ADS-B Vulnerabilities
The Automatic Dependent Surveillance-Broadcast (ADS-B) system is subject to spoofing attacks.
Multiple spoofing operations possible:
– Scenario 1: An ADS-B system could be spoofed to generate a false hijacking code, one that could then be rescinded, creating a conflicting picture.
– Scenario 2: An ADS-B spoofing operation could generate a screen full of fake (ghost image) aircraft heading toward a private jet, while a regular radar signal from the vicinity of the jet shows a perfectly normal situation.

Additional Risks
• Availability of 3rd Party Information
  – The Impact of Published Vulnerability Research
• Common set of standards, international policy
  – Shared responsibility between governments, airlines, airports, and manufacturers
• Access Control
  – Insider Threat
  – Part of an ecosystem; Internet connectivity
• Balance Safety and Security

Challenges to the Aviation Industry
• Many victims of economic espionage are unaware of the crime until years after loss of the information
  – Inadequate or non-existent monitoring and incident response to even detect activity
• Most companies don’t report intrusions in fear it could tarnish a company’s reputation
• Won’t accuse corporate rivals or foreign governments of stealing its secrets due to fear of offending potential customers and partners
• Hard to assign monetary value to some types of information
• Many CIOs don’t focus on cyber security and are unaware of the true threats

Lessons Learned From Other Industries
Establish strong information sharing protocols
Drive Public/Private Partnership
Enable a culture of (Information) Security
Change the conversation to include business context
Employ basic information security hygiene
Continuously seek to understand the evolving threat
Recognize that you are not unique
Understand third party connections
Agree on standards and support them as a community

iSIGHT Partners
Questions?
Website: www.isightpartners.com
E-mail: [email protected]
Information: [email protected]