US-based Satcom Direct (SD) has noted a year-on-year increase in attempted cybersecurity attacks on business aviation aircraft subscribed to the multi-layered SD Threat Monitoring service. Eighty-one per cent of the nearly 600 subscribed aircraft have experienced a cyber event that has been thwarted by the SD service.
In addition, the seriousness of the attempted hacks has amplified, with a 54 per cent increase in critical and high-level threats from the same period last year. A critical threat represents activity that can affect default installations of widely deployed software, resulting in the compromise of servers and devices, as well as leaving the door open for other hackers. Trojans, viruses and operating system vulnerabilities all fall into the critical category. A high-level threat represents a threat from web browser exploitation or malware, which can be elevated to critical status. This type of threat can potentially cause serious long-term damage to corporate networks.
In particular, SD has identified a trend that shows an increase in attacks from advanced persistent threat groups such as the well-known Fancy Bear, as well as sophisticated hackers who are often commissioned by nation states or criminal organisations to specifically target VIPs.
Senior director of cybersecurity Josh Wheeler says: “These perpetrators making particularly damaging threats invariably involve a group of black hat hackers working in a closed network that continuously attack aircraft. This determined, networked approach is harder to mitigate, but our sophisticated threat monitoring approach combines technology with human intervention to effectively detect, block and prevent threats.”
The SD Threat Monitoring module, accessible through the SD Pro dashboard, constantly monitors all inbound and outbound threats from aircraft subscribed to the 24/7 monitoring service. Delivering a real-time, centralised in-flight view of the cabin network, it makes aircraft data activity visible to flight departments and the SD cybersecurity experts. Abnormal network behaviour is highlighted using a variety of threat analysis and prevention solutions, as well as human expertise. Potential threats, attacks and intrusions are blocked before they reach the digital devices or aircraft. If a compromised device is identified in flight, threats can be blocked before they propagate to other passengers or 'call home' to the malicious actor. Operating in real time, the system alerts users, identifies causes and provides remedial steps, and it works for all levels of threat from low through to critical.
“As the digitisation of aviation trend continues, aircraft are becoming operating systems in themselves so mitigating data risk is imperative,” adds Wheeler. “Regardless of whether you are on the ground or in the air, if you can see the internet, then the internet and the hackers are most definitely able to see you. Altitude does not make you safe and we are encouraging existing and new customers to be prepared.”