Commercial airlines accounted for 61 percent of all detected aviation-related cyber-attacks in 2020, according to new data collected by Eurocontrol analyzing rising levels of risk for the industry from criminals, hackers and state-sponsored cyber-attackers.
The latest in a series of Think Papers, Eurocontrol used data collected from its European Air Traffic Management Computer Emergency Response Team (EATM-CERT), which reported a 530 percent increase in the number of cyber-attacks that were reported to or identified by the team between 2019 and 2020. None of the cyber attack methods or attempts reported by EATM-CERT were directly against safety-critical aircraft systems or passenger mobile devices connected to in-flight internet.
EATM-CERT’s report notes its system identified or received reports on a total of 775 cyber-attacks on airlines over the course of 2020, a significantly higher number than the next two aviation sectors combined, just over 200 for aviation OEMs and 150 for airports.
“The vast majority of these attacks – 95 percent – were financially motivated: 739 out of 775 incidents. This led to financial loss in 55 percent of cases, and the leaking or theft of personal data in an additional 34 percent of cases,” EATM-CERT notes in the report.
Eurocontrol also categorized the type of attacks against airlines and others and found that based on the 2020 data, attackers overwhelmingly targeted airlines with fraudulent websites and data theft. Researchers attributed the fraudulent website trend to the uncertainty brought on by the COVID-19 pandemic related to airline ticket changes and refunds.
Aviation manufacturers are highlighted in the report as being the most targeted for data theft, with 122 of the 206 total reported cyber-attacks against them coming in the form of cybercriminals seeking to monetize their intellectual property. The shift of many OEMs to cloud-based infrastructure to store and access their data is also problematic, according to EATM-CERT, because it widens the threat surface giving attackers multiple devices connected to the same cloud to go after.
The new report also highlights some of the attacks that were successful against high-profile companies, including a successful one against EasyJet that the U.K.-based low-cost carrier reported in May 2020. That attack led to 9 million EasyJet passengers having their personal information, email addresses and travel details exposed.
A chart featured in the new Eurocontrol report shows how the number of cyber attacks reported to or identified by EATM-CERT. (Eurocontrol)
More recently, in March, well-known aviation IT supplier SITA reported that it was the victim of a cyber-attack leading involving certain passenger data that was stored on SITA’s airline passenger service system servers. SITA’s IT systems manage around 90 percent of passenger bookings for airlines, and although the breach has not yet been quantified, EATM-CERT’s report notes that it could “dwarf the Cathay Pacific incident in terms of millions of exposed records,” referring to a 2018 attack on Cathay Pacific where 9.4 million passenger records were stolen.
An increase in the number of ransomware attacks—the use of malware to infect a computer or IT system and restrict user access until a ransom is paid—is also highlighted in the report. Examples include a June 2020 ransomware attack on VT San Antonio Aerospace, resulting in 1.5 terabytes of sensitive data stolen. A March 2021 ransomware attack against Spirit Airlines that the U.S.-based carrier still has not acknowledged is also highlighted by EATM-CERT.
“Every week, an aviation actor suffers a ransomware attack somewhere in the world, with big impacts on productivity and business continuity, let alone data loss and/or costly extortion demands paid in order to restart operations,” the EATM-CERT team writes in the report. “To be better prepared to manage a ransomware attack, EATM-CERT has teamed up with A-ISAC, the Aviation Information Sharing and Analysis Centre, on a joint awareness campaign about ransomware to help aviation stakeholders better understand the threat, and recommend best practices to reduce risks.”
EATM-CERT researchers are also recommending the development of a new European Aviation Common Public Key Infrastructure designed to use digital identification and provide a new secure medium for electronic communications and transactions between European aviation actors.