Are airline companies as safe as they seem?

Lucía López Sánchez    15 March, 2022

Recently, the number of news reports about cybersecurity incidents involving airline companies worldwide has increased; cybercriminals are targeting airlines more and more often. Examples of these incidents include the DDoS attack suffered by the Iranian airline Mahan and the theft of hundreds of thousands of Star Alliance passengers’ details.

Cyberattacks may cost airline companies a large sum of money, not only because of the interruption of their services, but also because of non-compliance fines under different data protection laws. This can be seen in a news story published in 2018, when British Airlines had to face a fine of $229 million after suffering a cyberattack.

The Telefónica Tech team carried out a study to determine to what extent airlines are unprotected and how much data could be gathered just by performing general reconnaissance using only public information (both on the Clearnet and on the Dark web), without performing intrusion tests. To achieve this goal, and to allow comparisons between territories, all kinds of data were collected from the ten most important airlines in five different regions of the world: America, Europe, APAC, Africa, and the Middle East.

The detailed methodology and full study can be read in the full report. The study analyzed risks and potential CVEs, the security of SSL/TLS servers, data breaches and even dark web findings.

The amount of data found for the different regions is very similar, and the same mistakes seem to be repeated in all regions, such as subdomains with descriptive names that can provide helpful information for an attacker to map out a company’s attack surface. While all regions have a similar amount of leaked credentials, African airlines seem to struggle the most when it comes to the security of their websites and SSL/TLS servers. Even so, surprising as it may seem, all the active offers on common dark markets belong to American airlines, and many of them only cover the USA.

Based on all the collected information, airline companies in all regions seem to have potential security issues. The study shows that anyone could gather valuable information about them in a few clicks and searches to perform a more sophisticated targeted attack, and that it is necessary to implement control and safety measures such as a DRP (Digital Risk Protection) service to minimize the exposure.

Up-to-date data such as SSL/TLS servers’ quality and cipher versions, open ports and potential CVEs could be a starting point in the search for security holes and vulnerable applications. Leaked credentials, on the other hand, could be the entry point. Finding useful and sensitive information does not require very extensive knowledge of the field: a large amount of data can be obtained during information gathering by using off-the-shelf tools and methods.

It is necessary to spread awareness about the scope of cybersecurity in these kinds of services, and it is strongly recommended to adopt DRP measures or services that help monitor these threats. Telefónica Tech’s DRP service has tools and qualified analysts that help protect valuable and private data and reputation by preventing, identifying, and mitigating a wide variety of threats.

Comprehensive solutions against cyberthreats, covering the whole process from early detection to final response, are increasingly needed.

Read the full study and the detailed methodology: DOWNLOAD HERE
