Threats to the Aviation Sector
Stu Solomon, iSIGHT Partners
Vice President, Technical Services and Client Operations
iSIGHT Partners
200+ experts, 16 Countries, 24 Languages, 1 Mission
www.isightpartners.com
Global Reach
ThreatScape® - Adversary Focused Intelligence
• Research: threats, groups; determine/capture motivation and intent
• Analysis: Fuse knowledge across methods, campaigns, affiliations, historical context
• Dissemination: Deliver high-fidelity, high-impact, contextual, actionable insights
Proven Intelligence Methodology
• Cyber Crime
• Cyber Espionage
• Denial-of-Service
• Enterprise
• Hacktivism
• Industrial Control Systems
• Mobile Vulnerability and Exploitation
iSIGHT Partners
Formal Process
Rich, Contextual Threat Intelligence
1. Research Team submits data based on collection requirements set by analysts and customers – tagged with source veracity
2. Analysis Team applies a best-of-breed methodology to fuse all-source intelligence into validated reporting linked to indicators
3. Customer feedback and ad-hoc requests for information complete the loop of a dynamic information collection process
iSIGHT Partners Analysis Team
iSIGHT Partners Customers
Research Repository
• Human Intelligence
• Open Sources
• Community Engagement
• Underground Marketplaces
• Technical Sources
iSIGHT Partners Research Team
Today's Global Threat Landscape
• Active & Global
– Transcends Geographies and Sectors
• Multiple Motivations
– Cyber Crime, Espionage, Hacktivism, Destruction, etc.
• Low Barriers for Entry
– Actors use tools that work; not necessarily sophisticated methods
– Open marketplace providing capabilities
• Structured & Vibrant
– Ecosystem providing better tools, infrastructure, sharing ideas and methods, pooling resources
The Threat Focus Trap
Cross-Over Attacks
• Zeus Trojan:
– Most Popular Credential Collection Malware
– Originally Created by Russian Cyber Criminals
– Cross-over to Cyber Espionage
– Multiple benefits
• DarkComet & University of Washington
– Key logging trojan affiliated with cyber espionage campaigns with a nexus to Iran
– Cross-over to cyber crime
– Ultimate goal: compromise financial credentials or personally identifiable information (PII) to perform fraud or identity theft
Aviation Sector Threats
Multiple Adversary Motivations
• Cyber Crime
• Hacktivism
• Cyber Espionage
Cyber Espionage
• Competitive Advantage
– Targets aviation and aerospace engineering firms
– Locates intellectual property for commercial or military advantage
• Locational Info of Dissidents
– Travel dates and location information on individuals of interest
China: National Priorities and Targeting
1. Internal Security
   A. Maintaining the regime
   B. Separatist/Splitists
2. External Security
   A. Regional threats
   B. Global security
   C. Military modernization
3. Economic Growth
   A. Energy Development and Conservation
   B. New-Generation IT Industry
   C. Biology Industry
   D. High-End Equipment Manufacturing
   E. New Energy
Chinese Teams – Conference Crew
• Highly focused on Defense Industrial Base
• Identifiable by unique malware/infrastructure
• Targeting of US and Taiwan
• Uses conference attendee lists
– Military events
– Vendors lists
Cyber Crime: Credential and Identity Theft
• Airline-Themed Phishing
– Fake offers for discounted airline tickets
– Lures for the installation of credential theft malware
• Monetization Method
– Airlines abused as a cash-out function to support other criminal schemes
– Actors may compromise airline systems directly
Targeted Lures
• AIAA materials used to entice recipients to click on malware-embedded emails
• Asprox malware campaign
• Credential theft
Hacktivism: Harassment
• Hacktivists may target aerospace engineering firms for the promotion of ideological/political beliefs
• Commercial aviation is generally less affected by this type of actor
Hacktivism: Disruption & Destruction
• Terrorism
– This remains theoretical at this time
– Control of aviation industrial control systems could be used to enable kinetic attacks
– Hacktivists engage in information gathering
   • Conduct an attack
   • Monitor persons of interest
ADS-B Vulnerabilities
• The Automatic Dependent Surveillance-Broadcast (ADS-B) system is subject to spoofing attacks.
• Multiple spoofing operations possible:
– Scenario 1: An ADS-B system could be spoofed to generate a false hijacking code, one that could then be rescinded, creating a conflicting picture.
– Scenario 2: An ADS-B spoofing operation could generate a screen full of fake (ghost image) aircraft heading toward a private jet, while a regular radar signal from the vicinity of the jet shows a perfectly normal situation.
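Added example, not part of the original presentation: a monitoring-side cross-check for the two scenarios above, flagging ADS-B tracks that no independent radar plot corroborates (Scenario 2) and a hijack code that is set and then rescinded within a short window (Scenario 1). The report fields, the 2 NM / 5 s correlation gate and the 60 s window are assumptions, and all sample data is constructed.

```python
# Added example: cross-check decoded ADS-B reports against independent radar plots.
# Field names, gates and windows are assumptions; all sample data is constructed.
from math import radians, sin, cos, asin, sqrt

HIJACK_SQUAWK = "7500"   # transponder code for unlawful interference
GATE_NM = 2.0            # assumed radar/ADS-B position correlation gate
GATE_S = 5               # assumed time gate between a report and a radar plot
FLAP_WINDOW_S = 60       # assumed window for a code that is set, then rescinded

def distance_nm(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in nautical miles."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 3440.065 * asin(sqrt(a))

def uncorroborated(adsb, radar):
    """Scenario 2: ICAO addresses with a report that no radar plot backs up."""
    ghosts = set()
    for r in adsb:
        backed = any(abs(p["t"] - r["t"]) <= GATE_S and
                     distance_nm(r["lat"], r["lon"], p["lat"], p["lon"]) <= GATE_NM
                     for p in radar)
        if not backed:
            ghosts.add(r["icao"])
    return sorted(ghosts)

def squawk_flaps(adsb):
    """Scenario 1: ICAO addresses that set 7500 and drop it within the window."""
    flagged, set_at = set(), {}
    for r in sorted(adsb, key=lambda r: r["t"]):
        if r["squawk"] == HIJACK_SQUAWK:
            set_at.setdefault(r["icao"], r["t"])
        elif r["icao"] in set_at and r["t"] - set_at.pop(r["icao"]) <= FLAP_WINDOW_S:
            flagged.add(r["icao"])
    return sorted(flagged)

# Constructed sample: one jet seen by radar (with a code flap) and two ghost tracks.
RADAR = [{"t": t, "lat": 47.45 + 0.002 * t, "lon": -122.31} for t in (0, 10, 20)]
ADSB = [
    {"t": 0,  "icao": "A1B2C3", "lat": 47.45, "lon": -122.31, "squawk": "1200"},
    {"t": 10, "icao": "A1B2C3", "lat": 47.47, "lon": -122.31, "squawk": "7500"},
    {"t": 20, "icao": "A1B2C3", "lat": 47.49, "lon": -122.31, "squawk": "1200"},
    {"t": 10, "icao": "FFFF01", "lat": 47.65, "lon": -122.31, "squawk": "1200"},
    {"t": 10, "icao": "FFFF02", "lat": 47.47, "lon": -122.01, "squawk": "1200"},
]

if __name__ == "__main__":
    print("no radar corroboration:", uncorroborated(ADSB, RADAR))
    print("hijack code set then rescinded:", squawk_flaps(ADSB))
```

Both outputs are prompts for controller or analyst review rather than verdicts: a genuine aircraft outside radar coverage also appears as uncorroborated.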
Additional Risks
• Availability of 3rd Party Information
– The Impact of Published Vulnerability Research
• Common set of standards, international policy
– Shared responsibility between governments, airlines, airports, and manufacturers
• Access Control
– Insider Threat
– Part of an ecosystem; Internet connectivity
• Balance Safety and Security
Challenges to the Aviation Industry
• Many victims of economic espionage are unaware of the crime until years after loss of the information
– Inadequate or non-existent monitoring and incident response to even detect activity
• Most companies don’t report intrusions for fear it could tarnish a company’s reputation
• Won’t accuse corporate rivals or foreign governments of stealing its secrets due to fear of offending potential customers and partners
• Hard to assign monetary value to some types of information
• Many CIOs don’t focus on cyber security and are unaware of the true threats
Lessons Learned From Other Industries
• Establish strong information sharing protocols
• Drive Public/Private Partnership
• Enable a culture of (Information) Security
• Change the conversation to include business context
• Employ basic information security hygiene
• Continuously seek to understand the evolving threat
• Recognize that you are not unique
• Understand third party connections
• Agree on standards and support them as a community
iSIGHT Partners
Questions?
Website: www.isightpartners.com
E-mail: [email protected]
Information: [email protected]