Scenario 2 - Flight Safety Foundation

Report
Threats to the Aviation Sector
Stu Solomon, iSIGHT Partners
Vice President, Technical Services and Client Operations
iSIGHT Partners
200+ experts, 16 Countries, 24 Languages, 1 Mission
Global Reach
ThreatScape® - Adversary Focused Intelligence
Cyber Crime
Cyber
Espionage
Hacktivism
Industrial
Control Systems
Denial-of-Service
Mobile
Enterprise
Vulnerability
and Exploitation
Research: threats, groups;
Analysis: Fuse knowledge
Dissemination: Deliver high-
determine/capture motivation
and intent
across methods, campaigns,
affiliations, historical context
fidelity, high-impact, contextual,
actionable insights
Proven Intelligence Methodology
www.isightpartners.com
2
iSIGHT Partners
Formal Process  Rich, Contextual Threat Intelligence
• Human
Intelligence
• Open
Sources
iSIGHT Partners
Research Team
Research
Repository
iSIGHT Partners
Analysis Team
iSIGHT Partners
Customers
• Community
Engagement
• Underground
Marketplaces
• Technical
Sources
www.isightpartners.com
1. Research Team submits data
based on collection requirements
set by analysts and customers –
tagged with source veracity
2. Analysis Team applies a bestof-breed methodology to fuse allsource intelligence into validated
reporting linked to indicators
3. Customer feedback and ad-hoc
requests for information
complete the loop of a dynamic
information collection process
3
Todays Global Threat Landscape

Active & Global
–

Multiple Motivations
–

Cyber Crime, Espionage,
Hacktivism, Destruction, etc.
Low Barriers for Entry
–
–

Transcends Geographies and Sectors
Actors use tools that work; not
necessarily sophisticated methods
Open marketplace providing
capabilities
Structured & Vibrant
–
Ecosystem providing better tools,
infrastructure, sharing ideas and methods,
pooling resources
www.isightpartners.com
4
The Threat Focus Trap
Cross-Over Attacks
Zeus Trojan:
–
–
–
–
Most Popular Credential Collection Malware
Originally Created by Russian Cyber Criminals
Cross-over to Cyber Espionage
Multiple benefits
DarkComet & University of Washington
– Key logging trojan affiliated with cyber espionage campaigns with a
nexus to Iran
– Cross-over to cyber crime
– Ultimate goal: compromise financial credentials or personally identifiable
information (PII) to perform fraud or identity theft
www.isightpartners.com
5
Aviation Sector Threats
Multiple
Adversary
Motivations
www.isightpartners.com
6
Cyber Espionage
 Competitive Advantage
– Targets aviation and aerospace engineering
firms
– Locates intellectual property for
commercial or military advantage
 Locational Info of Dissidents
– Travel dates and location information on
individuals of interest
www.isightpartners.com
7
China: National Priorities and Targeting
1.
Internal Security
A.
B.
2.
External Security
A.
B.
C.
3.
Maintaining the regime
Separatist/Splitists
Regional threats
Global security
Military modernization
Economic Growth
A.
B.
C.
D.
E.
Energy Development and Conservation
New-Generation IT Industry
Biology Industry
High-End Equipment Manufacturing
New Energy
www.isightpartners.com
8
Chinese Teams – Conference Crew




Highly focused on Defense Industrial Base
Identifiable by unique malware/infrastructure
Targeting of US and Taiwan
Uses conference attendee lists
– Military events
– Vendors lists
www.isightpartners.com
9
Cyber Crime: Credential and Identity Theft
 Airline-Themed Phishing
– Fake offers for discounted airline tickets
– Lures for the installation of credential theft
malware
 Monetization Method
– Airlines abused as a cash-out function to
support other criminal schemes
– Actors may compromise airline systems
directly
www.isightpartners.com
10
Targeted Lures
 AIAA materials used to entice
recipients to click on malware
embedded emails
 Asprox malware campaign
 Credential theft
www.isightpartners.com
11
Hacktivism: Harassment
 Hacktivists may target aerospace
engineering firms for the promotion of
ideological/political beliefs
 Commercial aviation is generally less affected
by this type of actor
www.isightpartners.com
12
Hacktivism: Disruption & Destruction
 Terrorism
– This remains theoretical at this time
– Control of aviation industrial control systems
could be used to enable kinetic attacks
– Hacktivists engage in information gathering
 Conduct an attack
 Monitor persons of interest
www.isightpartners.com
13
ADS-B Vulnerabilities


The Automatic Dependent SurveillanceBroadcast (ADS-B) system is subject to
spoofing attacks.
Multiple spoofing operations possible:
– Scenario 1: An ADS-B system could be
spoofed to generate a false hijacking
code, one that could then be rescinded
and creating a conflicting picture.
– Scenario 2: An ADS-B spoofing operation
could generate a screen full of fake (ghost
image) aircraft heading toward a private
jet, while a regular radar signal from the
vicinity of the jet shows a perfectly
normal situation.
www.isightpartners.com
14
Additional Risks
 Availability of 3rd Party Information
– The Impact of Published Vulnerability
Research
 Common set of standards, international
policy
– Shared responsibility between
governments, airlines, airports, and
manufacturers
 Access Control
– Insider Threat
– Part of an ecosystem; Internet connectivity
 Balance Safety and Security
www.isightpartners.com
15
Challenges to the Aviation Industry





Many victims of economic espionage are unaware of the crime until years
after loss of the information
– Inadequate or non-existent monitoring and incident response to even
detect activity
Most companies don’t report intrusions in fear it could tarnish a company’s
reputation
Won’t accuse corporate rivals or foreign governments of stealing its secrets
due to fear of offending potential customers and partners
Hard to assign monetary value to some types of information
Many CIOs don’t focus on cyber security and are unaware of the true threats
www.isightpartners.com
16
Lessons Learned From Other Industries

Establish strong information sharing protocols

Drive Public/Private Partnership

Enable a culture of (Information) Security

Change the conversation to include business context

Employ basic information security hygiene

Continuously seek to understand the evolving threat

Recognize that you are not unique

Understand third party connections

Agree on standards and support them as a community
www.isightpartners.com
17
iSIGHT Partners
Questions?
Website: www.isightpartners.com
E-mail: [email protected]
Information: [email protected]
www.isightpartners.com
18

similar documents