Where Is Airline System Security Going Wrong?

In 2018, Cathay Pacific admitted to a huge data breach in which the personal details of 9.4 million passengers were compromised. Just a month prior to that, British Airways had announced that around 380,000 card payments were compromised when hackers stole customer names, street, and email addresses, credit card numbers, expiry dates and security codes. While these incidents were a huge setback for the respective airlines, they also called the aviation industry’s security standards into question.

In the case of Cathay Pacific, some security experts pointed out that the airline was in the process of making the shift from legacy systems to the cloud. Without a complete reassessment of the airline’s security posture, migrating to the cloud can result in security vulnerabilities, which attackers take advantage of.

Though the Cathay Pacific breach was discovered in May 2018, the airline did not disclose this information until October 2018. The hackers were able to exfiltrate valuable data like name, date of birth, phone number, email, address, passport number, and historical travel information.

According to Luc Tytgat, Director of Strategy and Safety Management at the European Aviation Safety Agency (EASA), aviation systems were subject to an average of 1,000 attacks each month. But when attacks on major airlines are successful, customer confidence in the aviation industry takes a big hit.

While the airline has not shared details about the attack vector, it is possible that the hackers were able to clandestinely move laterally within the network to gain access to CRM systems which held the customers’ personal and financial data.

How Airlines Can Fortify Their Security

During the Amazon Web Services (AWS) Hong Kong Summit in 2017, it was mentioned that Cathay Pacific was using AWS to hold customer-facing applications, such as online check-in system, flight schedule, fares, and web hosting. This might imply that customer data hosted on AWS would be accessible from front-end apps.

This is a common situation in many enterprises which operate in a hybrid cloud environment. Hackers who gain access to the system can launch an APT-style attack without being detected for months. This gives them enough time to scan for sensitive information across servers and exfiltrate large volumes of data.

To prevent any unauthorized lateral movement within the network, enterprises can implement software-defined segmentation at the granular level, which allows security policies to be driven down to individual hosts. As far as threat detection is concerned, in-depth, centralized cross-segment traffic visibility is key to gain a real-time view of all communication within the network, including East-West traffic.

Endpoint vulnerability is another security issue that airlines and airport operators need to consider. Check-in kiosks, ticket vending machines, point of sale (POS) terminals, and other critical assets which are integral to airline operations can become entry points for Advanced Persistent Threats (APT lateral threats), malware, and ransomware.

Traditional antivirus is not capable of protecting against these sophisticated threats. To effectively lockdown endpoints, airlines need to implement security solutions which provide complete process level visibility and control, making endpoints tamper-proof.

As attacks increase in frequency and sophistication, the probability of them being successful also shoots up. In combination with proactive security practices, the aviation industry needs to have strict compliance mechanisms in place to ensure data security and passenger safety.

ColorTokens Xtended Zero Trust Platform enables micro-segmentation down to the host level in both local servers and hybrid cloud environments making it easier for enterprises to effectively secure dynamic application workloads.

Find out how ColorTokens protects airports from cyber threats here.