Cyberattacks In The Aviation Industry

Cyber-attacks have been growing in number since the digital era made different industries jump onto the digitalization wagon to keep up with the evolution of the markets. And the aviation industry is no exception.

Moreover, the aviation industry is one that needs certain passenger data to conduct its operations. For example, airlines need to handle both passengers’ documentation like passports and payment data like credit card information.

Therefore, the many different organizations within the aviation industry, such as airlines, airport operators, technology providers, among others, have become prime targets for cyber attacks.

Of course, the aviation sector needs to develop cyber resilience because cyber-attacks can be very costly.

On the one hand, a cyber attack can result in a critical interruption of an airline’s operations. On the other hand, not being able to protect the information of their passengers could result in a loss of trust and reputation. Either way, the impact is severe.

If you want to learn more about cyber attacks in the aviation industry, keep reading as we provide more details.

Cyber attacks and the aviation industry

While the aviation industry is comprised of several types of companies, the truth is that the majority of cyber attacks reported in recent years have been targeted at a specific sector, the airlines.

According to data collected by the European Organisation for the Safety of Air Navigation, commonly known as Eurocontrol, 61 percent of the total cyber-attacks reported in 2020 were directed at commercial airlines.

In addition, the European Air Traffic Management Computer Emergency Response Team (EATM-CERT) at Eurocontrol reported a 530 percent increase in the number of cyber-attacks between 2019 and 2020.

But, what is a cyber attack? And, how could the aviation industry build cyber resilience? Let’s find out.

What causes a cyberattack?

A cyber attack refers to a strike made by cybercriminals to achieve malicious goals. Cyber hackers attack computers and network systems. The purpose of cyber-attacks is often to steal data.

What happens during a cyberattack?

In cyberattacks, computers will be disabled, or data will be stolen. And, when they are hacked, they become a potential target for further attacks.

What are the different types of cyberattacks?

There is a wide variety of cyberattacks hackers use to get stolen data. Among the most common ones, we can find the following:

• Use of malware. This includes viruses, trojans, worms, ransomware attacks, and spyware attacks.
• Phishing. This is an attack that consists of sending mass amounts of fraudulent emails to unsuspecting users, disguised as coming from a reliable source.
• Man-in-the-Middle or MitM attacks. This is an interception of a two-part transaction where the hackers put themselves in the middle.
• Denial-of-Service (DOS) attack. This consists of flooding systems, servers, and/or networks with traffic to overload resources and bandwidth, thus resulting in the system being unable to process and fulfill legitimate requests.
• SQL injections. This is done by inserting malicious code into a server using a server query language (SQL), forcing the server to deliver protected information.
• Password attacks, such as the one called “brute-force attack”.

Cybersecurity risks abound nowadays, and the list above only shows a few of the tricks hackers use during their attacks. We will describe how some of these types of cyberattacks have been used against the aviation industry later on.

What is cybersecurity in aviation?

For organizations in aviation, cybersecurity is not about complying with regulations anymore. Cyber threats evolve very fast, so they need to be more proactive and take adequate security measures. In fact, according to Eurocontrol, “statistics show that when it comes to cybersecurity, the risk of attacks is rapidly increasing,” and “the average cost of a cyber-attack is estimated at USD 1 million”.

Cybersecurity requires addressing both securing digital information and the related networks, websites, and portals. As Patrick Mana, EATM-CERT Manager at Eurocontrol, says, “The challenge now is to make aviation systems and services progressively more and more cyber-resilient while remaining safe and cost-effective”.

So, to achieve the objective of anticipating the occurrence of cyber-attacks, it is important to create a cyber resilience framework and make it available to all stakeholders.

Data security incidents in the aviation sector

Nowadays cyber security in aviation is being taken more seriously than ever before, but civil aviation has still fallen victim to several cyber attacks. Those times, hackers gained access to sensitive data such as banking data, and personal data. Let’s take a closer look at some of the cases.

Air Canada’s breach

One significant attack happened in August 2018, when sensitive personal data of about 20,000 Air Canada customers was compromised.

Although an Air Canada representative made clear that no payment data was subtracted, it is known that phone numbers, email addresses, passport details, address, gender data, flyer program data, and more were among the stolen data. Of course, after the incident, the airline decided to work with leading industry experts to improve its cybersecurity.

British Airways cyber security issues

That same year 2018, there was another incident involving data of about 400,000 customers and some of the staff of British Airways. According to the Information Commissioner’s Office (ICO), the airline did not have adequate security measures in place to process important personal data.

The attack was conducted by means of a malicious code called Magecart in what was described as a javascript library attack. This time, the data theft took payment information, and it represented a financial loss of 20 million pounds because ICO fined the airline.

SITA – Not only airlines get hacked

One of the most recent attacks does not involve an airline directly, but SITA is one technology and telecommunications provider for many air transport organizations.

According to the organization’s statements, they provide services to about 90% of the airlines worldwide, and all of them experienced cyber risks when a security breach occurred in February of 2021, compromising more than 2 million records under SITA’s possession.

The attackers were able to slip through SITA’s security and reach their servers to access their Passenger Service System. This way, they stole passenger data stored in their servers that operated passenger processing systems for airlines, affecting names like Air New Zealand, Singapore Airlines, Cathay Pacific, among others.

This makes clear that, while the vast majority of attacks have airlines as their primary target, the whole industry, including airports and aircraft manufacturers, are at risk.

And we could continue mentioning cases. The same Cathay Pacific mentioned above suffered its own breach involving 9.4 million accounts.

In fact, if you go to Eurocontrol’s website, you can even access a map showing the most recent events, one of them being a phishing email scam pretending to be from American Airlines, a report published with a date of February 2022.

How to deal with it?

Understandably, airlines and other organizations are trying different ways to provide the best experience to their passengers.

From a mobile application to make ticket booking easier to more sophisticated technology both before and during flights, they are continuously doing all they can to improve that experience.

However, it is extremely important for all of us to take cybersecurity more seriously. Most attacks are indeed financially motivated, but a full-scale attack could result in a catastrophe for the safety of the passengers.

Airlines need to understand that they are always dealing with sensitive information, and any IT team should know that they can be attacked whenever they have an ongoing IT operation.

Therefore, investing in solutions like multi-factor authentication and more powerful cybersecurity technology should be a must.

From the passenger’s side, some measures can also be taken. Being aware of any suspicious activity like emails requesting credit card or passport information is a good starting point.

In general, companies in the aviation industry should work together with the corresponding authorities to improve aviation cybersecurity and restrict access to data in order to guarantee safety.