
Conducting Third Party Security Assessment: A Step-by-Step Strategy

14 June 2024 at 09:27

Cybersecurity threats are on the rise, and as organizations increasingly rely on third-party vendors to support their operations, it’s crucial to ensure that these partners uphold high-security standards. A third-party security assessment is vital in understanding and mitigating the risk posed by engaging new vendors and fostering collaborative relationships with third parties. Are you prepared …

The post Conducting Third Party Security Assessment: A Step-by-Step Strategy appeared first on Security Boulevard.

A Comprehensive Guide to API Penetration Testing

10 June 2024 at 19:21

  What is API Penetration Testing? API penetration testing, or API pentesting, is a specialised form of security testing focused on identifying and addressing security vulnerabilities within an API (Application Programming Interface). APIs are the backbone of modern web applications, enabling communication between different software systems. To ensure the API’s security posture is robust against …

The post A Comprehensive Guide to API Penetration Testing appeared first on Security Boulevard.

What is Mobile Application Penetration Testing: Benefits & Tools

10 June 2024 at 19:11

Mobile applications are ubiquitous, but their security can be a concern. Unlike web applications, in a mobile landscape, both the device and the mobile application have a crucial role in security due to increasing cyber threats. Mobile application penetration testing (mobile app pen testing) is a proactive security measure to identify and address vulnerabilities before …

The post What is Mobile Application Penetration Testing: Benefits & Tools appeared first on Security Boulevard.

Cloud Penetration Testing: Tools, Methodology & Prerequisites

10 June 2024 at 18:39

Businesses increasingly migrate to cloud-based solutions for storage, applications, and critical functions. While the cloud offers scalability and agility, it also introduces new security challenges. Cloud penetration testing is a crucial defence mechanism for proactively identifying and addressing these vulnerabilities. What is Cloud penetration testing? Cloud pen testing replicates a controlled cyberattack on your cloud …

The post Cloud Penetration Testing: Tools, Methodology & Prerequisites appeared first on Security Boulevard.

Ticketmaster Data Breach and Rising Work from Home Scams

By: Tom Eston
10 June 2024 at 00:00

In episode 333 of the Shared Security Podcast, Tom and Scott discuss a recent massive data breach at Ticketmaster involving the data of 560 million customers, the blame game between Ticketmaster and third-party provider Snowflake, and the implications for both companies. Additionally, they discuss Live Nation’s ongoing monopoly investigation. In the ‘Aware Much’ segment, the […]

The post Ticketmaster Data Breach and Rising Work from Home Scams appeared first on Shared Security Podcast.

The post Ticketmaster Data Breach and Rising Work from Home Scams appeared first on Security Boulevard.

Complete Guide to OT Cybersecurity in the Aviation Industry

By: Sectrio
7 June 2024 at 04:26

Cybersecurity in the aviation industry is not just about protecting data; it’s about safeguarding lives. A single cyberattack can have catastrophic consequences, disrupting air travel, compromising safety, and causing significant economic damage.

This article aims to provide a comprehensive guide to OT cybersecurity in the aviation industry. Whether you’re a cybersecurity professional, a stakeholder in the aviation industry, or simply interested in the intersection of technology and aviation, this guide will provide valuable insights into the critical role of cybersecurity in aviation.

Statistics on Recent OT/IT Cyberattacks in the Aviation Industry

The aviation sector has become a rising target for cyberattacks due to its reliance on vastly interconnected digital infrastructures, global supply chains, and the torrential volume of sensitive data it handles. These statistics highlight the increasing threat of OT cyberattacks in the aviation industry and underscore the importance of robust cybersecurity measures.

Understanding Operational Technology (OT) in Aviation

Definition of Operational Technology (OT) in Aviation

Operational technology (OT) refers to the hardware and software systems used to monitor, control, and manage physical processes and machinery in various industries, including aviation. Unlike information technology (IT), which primarily deals with data processing and communication, OT systems directly interact with the physical world. In the aviation industry, OT is essential for the safe and efficient operation of aircraft, airports, and air traffic control systems.

Understanding the OT Systems Used in the Aviation Industry and Their Role

OT plays a pivotal role in the aviation industry. It refers to the hardware and software used to change, monitor, or control physical devices, processes, and events in the enterprise. In the context of aviation, OT encompasses the systems and equipment that ensure the smooth operation of flights and related services. OT is deeply planted in the aviation industry, touching on every aspect from flight operations to passenger services. Its role is critical in ensuring safety, efficiency, and reliability in aviation operations.

The Current State of OT Cybersecurity in Aviation

The current cybersecurity landscape in aviation is characterized by a significant rise in cyber threats targeting OT systems. These threats are not just increasing in number but also in sophistication, with high-value targets in the aviation industry handling a vast amount of valuable data, including passenger information, financial records, and proprietary technology. This has led to an increase in motivations for threat actors, ranging from data and monetary theft to causing disruptions and harm.

1. The Dynamic Threat Landscape

The aviation industry has seen a significant increase in cyber threats targeting OT systems. These threats range from ransomware attacks to data breaches, and their frequency and sophistication are on the rise. The interconnected nature of OT systems in aviation means that a single vulnerability can have far-reaching impacts, affecting everything from flight operations to passenger services.

2. Impact of Cyber Threats

The potential impact of cyber threats on the aviation industry is substantial. A successful attack can disrupt flight operations, leading to delays or cancellations. In the worst-case scenario, a cyberattack could compromise the safety of flights. Additionally, data breaches can lead to the loss of sensitive data, damaging the reputation of airlines and resulting in significant financial losses.

3. Cybersecurity Measures

In response to the growing threat landscape, the aviation industry has been taking steps to improve OT cybersecurity. These measures include implementing robust security controls, conducting regular risk assessments, and training employees on cybersecurity best practices. However, the rapidly evolving nature of cyber threats means that these measures need to be continually updated and improved.

4. Regulatory Environment

The regulatory environment for OT cybersecurity in aviation is also evolving. Regulatory bodies around the world are introducing new standards and regulations aimed at improving cybersecurity in the industry. These regulations are driving changes in the industry, but they also present challenges, as airlines and other industry stakeholders need to ensure they are compliant.

Recent Cybersecurity Incidents in the Aviation Industry

Boeing

We have already spoken about the case earlier. This reiterates the fact that the aerospace sector has become a rising target for cyberattacks due to its reliance on vastly interconnected digital infrastructures, global supply chains, and the torrential volume of sensitive data it handles.

More recently, this attack trend has been amplified by the rapidly growing integration of Industrial Internet of Things (IIoT) technologies, rising geopolitical tensions, and the US government’s decision to designate aerospace and aviation as critical infrastructure.

As mentioned before, Boeing Chief Security Officer Richard Puckett noted that “occurrences of ransomware inside the aviation supply chain” had shot up by 600% in 2022.

This sectoral ransomware trend has persisted since Puckett flagged the threat, headlined by LockBit 3.0’s breach of Boeing last November and its alleged compromise of the non-profit aerospace corporation. Moreover, the European Organization for the Safety of Air Navigation (Eurocontrol) reported that ransomware was the sector’s leading attack trend in 2022, accounting for 22% of all malicious incidents. In fact, there were 52 attacks reported in 2020, 48 attacks in 2021, and 50 attacks reported by the end of August 2023, indicating a consistent occurrence of attacks on the aviation industry.

Cyberattacks on London City Airport and Birmingham Airport

Both of these airports experienced disruptions due to cyber intrusions. Moreover, ransomware attacks on supply chain players have seen an alarming rise, increasing by as much as 600% since the previous year.

Air Albania Cyberattack

A recent report highlighted a cyberattack against Air Albania. The details of the attack and its impact were not disclosed, but it underscores the vulnerability of airlines to cyber threats.

Cambodia Angkor Air Cyberattack

The Host Kill Crew Hackers targeted Cambodia Angkor Air. The specifics of the attack and its consequences were not revealed, but it’s another example of airlines being targeted by cybercriminals.

Gulf Air Cyberattack

Gulf Air was also a victim of a cyberattack. The details of the attack and its impact were not disclosed, but it highlights the ongoing threat to airlines from cyberattacks.

Qatar Airways Data Leak

Qatar Airways suffered a data leak allegedly caused by the R00TK1T

The post Complete Guide to OT Cybersecurity in the Aviation Industry appeared first on Security Boulevard.

Highlights from the ConnectWise IT Nation Secure Event 2024

6 June 2024 at 16:13

Must-See Sessions at IT Nation Secure 2024

The ConnectWise IT Nation Secure Event was an electrifying gathering of cybersecurity leaders, experts, and enthusiasts. With a focus on innovation and collaboration …

The post Highlights from the ConnectWise IT Nation Secure Event 2024 appeared first on Seceon.

The post Highlights from the ConnectWise IT Nation Secure Event 2024 appeared first on Security Boulevard.

TP-Link Archer Vulnerable to Remote Code Execution

4 June 2024 at 01:36

Router vulnerabilities present significant risks to both individuals and organizations. One such vulnerability has been identified in the TP-LINK Archer series, specifically affecting the Archer C5400X Tri-Band Gaming Router. Our recent analysis, conducted using our cutting-edge binary zero-day identification feature, revealed multiple severe vulnerabilities, including Remote Code Execution (RCE). In this blog, we will discuss […]

The post TP-Link Archer Vulnerable to Remote Code Execution appeared first on Kratikal Blogs.

The post TP-Link Archer Vulnerable to Remote Code Execution appeared first on Security Boulevard.

China Increasingly Targeting Canadians with Cyber Operations

China is increasingly targeting Canadian citizens and organizations through the scale and scope of its cyber operations, warned the Canadian Centre for Cyber Security (Cyber Centre) in a cyber threat bulletin issued Monday. The Cyber Centre said China's cyber operations surpass other nation-state cyber threats in terms of volume, sophistication, and breadth of targeting. China's cyber threat actors have targeted a wide range of sectors in Canada, including all levels of government, critical infrastructure, and the Canadian research and development sector.
“The threat from China [to Canadian organizations] is very likely the most significant by volume, capability, and assessed intent. China-sponsored cyber threat actors will very likely continue targeting industries and technologies in Canada that contribute to the state’s strategic priorities.”
- Canada's National Cyber Threat Assessment 2023-2024

China Increasingly Targeting Canadians through Cyberespionage

Chinese cyber threat actors often operate under the directives of PRC intelligence services, targeting information that aligns with the national policy objectives of Beijing. This includes economic and diplomatic intelligence relevant to the PRC-Canada bilateral relationship and technologies prioritized in PRC's central planning, Canada said.

Government of Canada networks have been compromised multiple times by Chinese actors, the Cyber Centre said. With all known compromises addressed, Chinese cyber threat actors still frequently conduct reconnaissance against federal networks, and other government organizations should be aware of the espionage risk.

Last month, British Columbia, the westernmost province in Canada, reported facing multiple “sophisticated cybersecurity incidents” on government networks. Public Safety Minister and Solicitor General Mike Farnworth later told reporters that an unnamed state actor made three attempts to breach B.C. government networks.

Chinese threat actors also target large datasets containing personal information for bulk data analysis and profiling, the Cyber Centre warned. Online services often collect personal information from their users to function. When personal information is exposed through data breaches or willingly released by the user, it can be used by cyber threat actors to facilitate identity theft or targeted fraud against the user. Cyber threat actors can collect financial details and social information, information on habits, health, and home security, and location and travel data.

The targets include:
  • Government entities at all levels, including federal, provincial, territorial, municipal, and Indigenous.
  • Organizations or individuals in close partnership with government entities.
  • Universities, labs, and technology companies involved in research and development of PRC-prioritized technologies.
  • Individuals or organizations perceived as threats by the PRC, especially those advocating for Taiwan and Hong Kong independence and Chinese democracy.
[Figure: Cyberespionage, China Increasingly Targeting Canadians. Source: Canadian National Threat Assessment Report 2023-24]

Elections, Critical Infrastructure Targeted

Canada recently revealed unsuccessful Chinese attempts to interfere in past elections too. Beijing has refuted these allegations but the Canadian Security Intelligence Service (CSIS) in an annual report warned of ongoing Chinese interference in Canadian political affairs, risking democratic integrity.
“Canada’s strong democratic institutions, advanced economy, innovative research sectors, and leading academic institutions make Canada an attractive target for cyber-enabled espionage, sabotage, and foreign influenced activities, all of which pose significant threats to Canada’s national security,” the report said.
The report identified China as a state-based threat conducting widespread cyberespionage across various sectors, including government, academia, private industry, and civil society organizations. The Cyber Centre also shares concerns with the U.S. about PRC cyber threat groups pre-positioning network access for potential attacks on North American critical infrastructure in case of conflict in the Indo-Pacific.
"The Cyber Centre assesses that the direct threat to Canada’s critical infrastructure from PRC state-sponsored actors is likely lower than that to U.S. infrastructure, but should U.S. infrastructure be disrupted, Canada would likely be affected as well due to interoperability and interdependence in the sectors of greatest concern."
Sectors of greatest concern include energy, telecommunications, and transportation. However, the prelude to the attacks on the provincial government networks also saw the targeting of the healthcare sector in the country, which makes it a cause of concern too. The first of the attacks in this sector was on the retail and pharmacy chain London Drugs, followed by a cyberattack on the First Nations Health Authority (FNHA), which compromised its employee information and limited personal data.

Threat Tactics Detailed

PRC cyber threat actors are known for several sophisticated techniques, the report said:
  • Co-opting compromised small office and home office (SOHO) routers to conduct activity and avoid detection.
  • Using built-in network administration tools for malicious activity, blending into normal system traffic.
  • Compromising trusted service providers to access client information or networks.
  • Rapidly weaponizing and proliferating exploits for newly revealed vulnerabilities, posing a continuous risk.

Mitigating the Chinese Threat

The Cyber Centre advises the Canadian cybersecurity community, especially provincial, territorial, and municipal governments, to enhance their awareness and protection against PRC cyber threats. Recommended measures include:
  1. Isolate Critical Infrastructure: Isolate critical components and services from the Internet and internal networks and test manual controls for operational continuity.
  2. Increase Vigilance: Monitor networks for tactics, techniques, and procedures (TTPs) reported by the Cyber Centre and partners. Focus on identifying and assessing unusual network behavior.
  3. Restrict Movement: Pay attention to vulnerable entry points, such as third-party systems. Disable remote access from third-party systems during incidents.
  4. Enhance Security Posture: Patch systems focusing on vulnerabilities identified by the U.S. Cybersecurity and Infrastructure Security Agency. Enable logging, deploy network and endpoint monitoring, and implement multi-factor authentication. Create and test offline backups.
  5. Incident Response Plan: Have a cyber incident response plan and continuity of operations and communications plans ready and tested.
By adopting these measures, organizations can better defend against and mitigate PRC cyber threats, the report said.

What is an IS (RBI) Audit?

1 June 2024 at 03:05

RBI has issued comprehensive master directions and guidelines for banks and non-banking financial corporations to identify and address operational risks and weaknesses. These guidelines are based on recommendations from working groups focused on information security, e-banking, governance, and cyber fraud. The primary motivation behind these directives is the growing need to mitigate cyber threats arising […]

The post What is an IS (RBI) Audit? appeared first on Kratikal Blogs.

The post What is an IS (RBI) Audit? appeared first on Security Boulevard.

The evolution of healthcare ransomware attacks – Source: www.cybertalk.org

Source: www.cybertalk.org – Author: slandau By Zac Amos, Features Editor, Rehack.com. In recent years, ransomware has emerged as a critical threat to the healthcare industry, with attacks growing in frequency, sophistication and impact. These cyber assaults disrupt hospital operations, compromise patient safety and undermine data integrity. Understanding how ransomware tactics have evolved — from basic phishing […]

The post The evolution of healthcare ransomware attacks – Source: www.cybertalk.org appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

2023 OT Cybersecurity Roundup—Strategies for 2024 – Source: securityboulevard.com

Source: securityboulevard.com – Author: Sectrio If there were any doubts earlier, 2023 has shown us how important OT systems are.  Operational technology has become one of the most crucial factors for safeguarding critical infrastructure – from electrical grids, transportation networks, and manufacturing plants to water treatment facilities.  OT is now a part of most industrial […]

The post 2023 OT Cybersecurity Roundup—Strategies for 2024 – Source: securityboulevard.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

7 best practices for tackling dangerous emails – Source: www.cybertalk.org

Source: www.cybertalk.org – Author: slandau EXECUTIVE SUMMARY: Email is the #1 means of communication globally. It’s simple, affordable and easily available. However, email systems weren’t designed with security in mind. In the absence of first-rate security measures, email can become a hacker’s paradise, offering unfettered access to a host of tantalizingly lucrative opportunities. Optimize your […]

The post 7 best practices for tackling dangerous emails – Source: www.cybertalk.org appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
