Slide1
Threats to the Aviation Sector
Stu Solomon, iSIGHT Partners
Vice President, Technical Services and Client Operations
Slide2
iSIGHT Partners
200+ experts, 16 Countries, 24 Languages, 1 Mission
www.isightpartners.com
Global Reach
ThreatScape® - Adversary Focused Intelligence
  Research: threats, groups; determine/capture motivation and intent
  Analysis: Fuse knowledge across methods, campaigns, affiliations, historical context
  Dissemination: Deliver high-fidelity, high-impact, contextual, actionable insights
Proven Intelligence Methodology
  Cyber Crime
  Cyber Espionage
  Denial-of-Service
  Enterprise
  Hacktivism
  Industrial Control Systems
  Mobile
  Vulnerability and Exploitation
Slide3
iSIGHT Partners
Formal Process
Rich, Contextual Threat Intelligence
1. Research Team submits data based on collection requirements set by analysts and customers – tagged with source veracity
2. Analysis Team applies a best-of-breed methodology to fuse all-source intelligence into validated reporting linked to indicators
3. Customer feedback and ad-hoc requests for information complete the loop of a dynamic information collection process
iSIGHT Partners Analysis Team
iSIGHT Partners Customers
Research Repository
  Human Intelligence
  Open Sources
  Community Engagement
  Underground Marketplaces
  Technical Sources
iSIGHT Partners Research Team
Slide4
Today's Global Threat Landscape
Active & Global
  Transcends Geographies and Sectors
Multiple Motivations
  Cyber Crime, Espionage, Hacktivism, Destruction, etc.
Low Barriers for Entry
  Actors use tools that work; not necessarily sophisticated methods
  Open marketplace providing capabilities
Structured & Vibrant
  Ecosystem providing better tools, infrastructure, sharing ideas and methods, pooling resources
Slide5
The Threat Focus Trap
Cross-Over Attacks
Zeus Trojan:
  Most Popular Credential Collection Malware
  Originally Created by Russian Cyber Criminals
  Cross-over to Cyber Espionage
  Multiple benefits
DarkComet & University of Washington
  Key logging trojan affiliated with cyber espionage campaigns with a nexus to Iran
  Cross-over to cyber crime
  Ultimate goal: compromise financial credentials or personally identifiable information (PII) to perform fraud or identity theft
Slide6
Multiple Adversary Motivations
Aviation Sector Threats
  Cyber Crime
  Hacktivism
  Cyber Espionage
Slide7
Cyber Espionage
Competitive Advantage
  Targets aviation and aerospace engineering firms
  Locates intellectual property for commercial or military advantage
Locational Info of Dissidents
  Travel dates and location information on individuals of interest
Slide8
China: National Priorities and Targeting
Internal Security
  Maintaining the regime
  Separatist/Splitists
External Security
  Regional threats
  Global security
  Military modernization
Economic Growth
  Energy Development and Conservation
  New-Generation IT Industry
  Biology Industry
  High-End Equipment Manufacturing
  New Energy
Slide9
Chinese Teams – Conference Crew
Highly focused on Defense Industrial Base
Identifiable by unique malware/infrastructure
Targeting of US and Taiwan
Uses conference attendee lists
  Military events
  Vendor lists
Slide10
Cyber Crime: Credential and Identity Theft
Airline-Themed Phishing
  Fake offers for discounted airline tickets
  Lures for the installation of credential theft malware
Monetization Method
  Airlines abused as a cash-out function to support other criminal schemes
  Actors may compromise airline systems directly
Slide11
Targeted Lures
AIAA materials used to entice recipients to click on malware-embedded emails
Asprox malware campaign
Credential theft
Slide12
Hacktivism: Harassment
Hacktivists may target aerospace engineering firms for the promotion of ideological/political beliefs
Commercial aviation is generally less affected by this type of actor
Slide13
Hacktivism: Disruption & Destruction
Terrorism
  This remains theoretical at this time
  Control of aviation industrial control systems could be used to enable kinetic attacks
Hacktivists engage in information gathering
  Conduct an attack
  Monitor persons of interest
Slide14
ADS-B Vulnerabilities
The Automatic Dependent Surveillance-Broadcast (ADS-B) system is subject to spoofing attacks.
Multiple spoofing operations possible:
Scenario 1: An ADS-B system could be spoofed to generate a false hijacking code, one that could then be rescinded, creating a conflicting picture.
Scenario 2: An ADS-B spoofing operation could generate a screen full of fake (ghost image) aircraft heading toward a private jet, while a regular radar signal from the vicinity of the jet shows a perfectly normal situation.
Slide15
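A defender-side cross-check for the two ADS-B scenarios, as an added example that is not part of the original presentation: it flags ADS-B targets that no radar plot corroborates and hijack codes that are set and then withdrawn. The record layout, the 5 km correlation gate, exact time matching between sensors and all sample data are assumptions constructed for illustration.

```python
import math
from collections import defaultdict

HIJACK_SQUAWK = "7500"   # transponder code for unlawful interference
GATE_KM = 5.0            # assumed correlation gate; tune per sensor

# Constructed ADS-B reports: (time_s, icao24, lat, lon, squawk)
ADSB = [
    (0,  "a1b2c3", 47.450, -122.300, "1200"),
    (10, "a1b2c3", 47.460, -122.310, "7500"),
    (20, "a1b2c3", 47.470, -122.320, "1200"),
    (10, "ffff01", 47.600, -122.500, "1200"),
    (10, "ffff02", 47.610, -122.520, "1200"),
]
# Constructed radar plots: (time_s, lat, lon)
RADAR = [(0, 47.451, -122.301), (10, 47.461, -122.311), (20, 47.471, -122.321)]

def km(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlon = math.radians(lon2 - lon1)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 6371.0 * 2 * math.asin(math.sqrt(a))

def uncorroborated(adsb, radar, gate_km=GATE_KM):
    """Scenario 2: ICAO addresses reporting a position with no radar plot
    at the same time inside the gate (candidate ghost aircraft)."""
    flagged = set()
    for t, icao, lat, lon, _ in adsb:
        if not any(rt == t and km(lat, lon, rlat, rlon) <= gate_km
                   for rt, rlat, rlon in radar):
            flagged.add(icao)
    return sorted(flagged)

def rescinded_hijack(adsb):
    """Scenario 1: ICAO addresses whose squawk went to 7500 and later left it."""
    codes = defaultdict(list)
    for _, icao, _, _, squawk in sorted(adsb):   # time order
        codes[icao].append(squawk)
    return sorted(
        icao for icao, seq in codes.items()
        if HIJACK_SQUAWK in seq
        and any(c != HIJACK_SQUAWK for c in seq[seq.index(HIJACK_SQUAWK):])
    )

if __name__ == "__main__":
    print("no radar corroboration:", uncorroborated(ADSB, RADAR))
    print("hijack code set then rescinded:", rescinded_hijack(ADSB))
```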
Additional Risks
Availability of 3rd Party Information
The Impact of Published Vulnerability Research
Common set of standards, international policy
Shared responsibility between governments, airlines, airports, and manufacturers
Access Control
Insider Threat
Part of an ecosystem; Internet connectivity
Balance Safety and Security
Slide16
Challenges to the Aviation Industry
Many victims of economic espionage are unaware of the crime until years after loss of the information
Inadequate or non-existent monitoring and incident response to even detect activity
Most companies don’t report intrusions for fear that it could tarnish the company’s reputation
Companies won’t accuse corporate rivals or foreign governments of stealing their secrets for fear of offending potential customers and partners
Hard to assign monetary value to some types of information
Many CIOs don’t focus on cyber security and are unaware of the true threats
Slide17
Lessons Learned From Other Industries
Establish strong information sharing protocols
Drive Public/Private Partnership
Enable a culture of (Information) Security
Change the conversation to include business context
Employ basic information security hygiene
Continuously seek to understand the evolving threat
Recognize that you are not unique
Understand third party connections
Agree on standards and support them as a community
Slide18
iSIGHT Partners
Questions?
Website: www.isightpartners.com
E-mail: ssolomon@isightpartners.com
Information: info@isightpartners.com