Cyber Attack Threat Increases in the Civil Aviation Sector

Tarih: Issue 90 - February 2019

ThinkTech is  the Technological Think Tank of STM Savunma Teknolojileri Mühendislik ve Ticaret A.Ş. and stands out with its cyber security studies with the guidance of the Presidency of Defense Industries.  ThinkTech recently published their Cyber Threat Status Report covering the last quarter of 2018 (October-December) on January 18, 2019.

In the year-end report where the diversification of cyber-attacks is reported, it is evaluated that in 2019, the custom attacks that target especially critical infrastructure as well as cyber spying will increase, machine learning and artificial intelligence capabilities will be used in cyber-attacks, new generation malware attacks having Anti-Sandbox skills, biometric security systems attacks, Ransomware attacks will target  cloud platforms (data storage and service hosting services, etc.) LoT environments and critical infrastructures. It is also underlined that the number of cyber-attacks that affect the civil aviation sector will increase.

The aviation industry, which has been developing rapidly in the world and in our country, is the target of cyber-attacks directly or indirectly, especially through the software used. Since the aviation industry is directly connected with many critical sectors such as transportation, communication and energy, the risk area is expanding further.

In STM ThinkTech’s the Cyber Threat Status Report, it is stated that hundreds of electronic applications in the aviation industry have become the new target of hackers. It is evaluated that many cyber threats, such as controlled the engines via in-flight entertainment systems, security gaps in the ticketing system, credit cards of the customers and the capture of their personal information will increase in the aviation sector in 2019. The report foresees that cyberattack activities could put flight safety at risk and may threaten their safety and lives, causing great economic losses.

Malware in Mobile Banking Applications

The Cyber Threat Report emphasizes that the number of malware targeting mobile banking applications increased in the last period of 2018, while malicious applications uploaded to the Google App Store targeted banks’ end users using Android operating systems; Identity / Customer Numbers and passwords of individual customers were stolen. In the report, it is stated that the applications that take the permissions of reading and sending SMS of the individuals constitutes a threat for customers, and the investigations revealed that the developers of these harmful applications have the same structure and contents except for the names.

Security Vulnerability is being Created Through False Fingerprinting 

The report also highlighted increasing cyber threats on biometric recognition systems. One of the most popular security methods used today are biometric recognition systems and they are threatened by fake fingerprints generated by machine learning and such fingerprints also put data security at great risk by cheating even smartphones and acting as fingerprints of many people.

The Importance of Cyber Fusion Centers on the Rise

The Cyber Threat Status Report emphasizes that security threats encountered in cyber space, which is an increasingly difficult area to control, contain many risks, and it is stated that in this framework, while institutions are exerting efforts to increase their cyber defense capacities, attackers are developing new methods. While the Report indicates that it is becoming important to integrate cyber security activities in today’s threat environment into Cyber Fusion Centers in order to reduce risks and to ensure the sustainability of operations.  It is also noted that the cyber threats and attacker capabilities rapidly are bypassing traditional threat detection technologies.  The average number of days required to detect an information security intrusion has reached 146 days. With the rapid evolution of cyber threats, the report states that many institutions are still unable to identify cyber vulnerabilities in a short time on their own, and such institutions need a cyber-fusion center to combine real and technical information in a comprehensive environment that can be interrelated in order to protect and defend corporate networks properly.