A recent study by a security company shows that Chinese hackers are conducting successful cyberattacks on the aviation industry.
Long since, security experts have been warning firms and governments against Chinese hacker attacks aiming at sensitive information and business secrets. Fire Eye, a security software company, released a report showing that the cybercriminals from the Asian country are attacking the flight industry. According to Fire Eye, the breaches are not only frequent, but they are also quite successful.
Bryce Boland, who is responsible for IT at the Asia-Pacific region for Fire Eye, says air traffic control and booking systems are the most vulnerable parts, that’s why hacker attacks on the aviation industry are common. An example from 2016 shows that the electronic passport control systems at the Atatürk and the Sabiha Gökçen airports were the targets of the breaches. A Vietnamese hacker group, whose headquarters are located in China, took the display panels under their control and spread insulting messages in English.
The study also shows that most of the cyberattacks are carried out to make profits. Airlines collect and store sensitive customer data, including credit card details and personal passenger information. If hackers acquire these, they can make decent profits by selling the information on dark web markets and forums. Security experts argue that stricter control laws and increasing storage time can boost the number of cyberattacks on the industry.
According to Boland, unlike other cybercriminals, Chinese hackers have an advantage since they are connected to the Chinese government and have access to military technologies. With this, they could learn how external control systems, security systems, and monitoring technologies worked. The information acquired by the cybercriminals could be of interest to the Chinese intelligence services, but could also help the country’s own industry in developing their own systems.
Boland says that companies should be aware of the growing threat of malicious software. As a solution, the security expert recommends establishing a functioning counterintelligence system. According to Fire Eye, cybersecurity should be the first priority for aviation firms.
The study shows that 75 percent of the analyzed companies at the aviation industry are infected with malicious software. Most of the firms don’t even know that they have malware in their systems. The subsystems at 30 percent of the companies are actively controlled by hackers.
In October 2016, an anonymous group of cybercriminals launched massive DDoS attacks to demand ransom in BTC. The hackers used the Mirai Internet of Things (IoT) botnet, concentrating around 500,000 IoT devices in China, Hong Kong, and South Korea. A cybercriminal from the same group called “BestBuy” claimed that he infected approximately 3.2 million routers with an ineliminable malware, which cannot be fixed or eliminated with a firmware fix, factory reset or clearance of memory. According to a Motherboard report, this could be only done if the attacker compromised routers in a server that exploits router vulnerability and injecting malware.
“They are ours, even after reboot. They will not accept any new firmware from [Internet Service Provider] or anyone, and connect back to us every time :). Bots that cannot die until u throw device into the trash,” BestBuy said.
To prove his claims, the hacker shared a live feed of device access updates. It showed that in the morning of December 5, 500,000 routers were infected. The number had grown in the same afternoon, with 1.3 million infected IoT devices.