China targets aviation industry to spy and steal secrets

Security experts say the country is the main threat actor endangering the security of the industry.
Written by Charlie Osborne, Contributing Writer

Chinese hackers are targeting aviation systems in the quest for information and intellectual property which will boost the country's competitiveness, security researchers say.

Cyberattacks against the aviation industry are nothing new, but with Internet-capable technology now present at every level, from embedded devices to in-flight Wi-Fi and connected aviation systems, there are more avenues than ever for threat actors to exploit.

Successful attacks which have compromised systems and caused severe disruption to fliers and airlines alike have hit the spotlight in recent years.

In 2015, Polish airline LOT was forced to cancel 10 flights and delay over a dozen after a successful cyberattack against ground systems. This year, the passport control systems at Istanbul's Ataturk and Sabiha Gokcen airports were the target of attacks, and a group of threat actors believed to have originated from China hijacked airport announcement systems in Vietnam.

According to researchers from FireEye, since 2004, a total of 27 active threat actor groups have been detected targeting aviation as a whole, 20 of which are based in China. FireEye says this is "the highest number of China-based threat groups we have observed targeting any single industry."



Speaking to ZDNet, Bryce Boland, chief technology officer for Asia Pacific at FireEye, said that the number of Chinese threat actors targeting the aviation industry is not only very high, but the majority of attacks conducted by these groups are successful.

Over the course of six months, a recent FireEye investigation revealed that 75 percent of aviation systems evaluated had malware in their environment which had not previously been detected and 30 percent had active attackers remotely controlling computer systems.

According to Boland, the most valuable aspects of aviation systems -- such as air traffic control and booking systems -- are attacked the most frequently.

Spear phishing is one of the most common attack vectors, in which fraudulent emails contain malicious documents or links to fake websites used to later infect computer systems relating to air traffic control, civilian aviation authorities, airlines, booking systems and manufacturers.

"The aviation sector is incredibly vast and its systems are numerous," the executive says. "Most of these systems have weaknesses and many are not well protected from threats."

As we saw in Vietnam, hacktivists can use airline information displays to get their political message out, but this is not the most serious problem facing the aviation industry today.

The majority of attacks against airlines and players in the aviation industry are for financial gain. Airlines store huge amounts of personal information on their passengers, credit card data and payment details which can be stolen and sold on the Dark Web, potentially leading to hefty profit margins for attackers.

Boland believes that the market for this stolen data is especially lucrative overseas, but these skills can also be used for more nefarious purposes. The executive says that it is "inevitable" that one day, cyberattacks against the aviation industry will end up putting passengers at risk.

FireEye says that state-linked threat actors play a "significant" part in attacks against the industry. Chinese groups, in particular, are attacking the aviation sector in order to support the country's government and military departments.

If a cyberattack compromises an air traffic control system, for example, these groups can steal information related to how controllers identify aircraft, how communication systems work, and data on surveillance technology related to radar and satellite signals.

This information is not only valuable for the Chinese government and military, but this intelligence, alongside airline and airport infrastructure information, can be used for both political and criminal purposes.

The executive noted:

"Access to these systems can also facilitate covert operations by enabling them to issue badges to operatives, bypass security cameras, and so on."

In addition, Boland says that data stolen in attacks against aviation firms may be used to enhance China's own defense and aviation markets, with the country seeking to improve its domestic aviation capabilities.

The security expert said that as China has "historically turned to outside sources for this information," cyber espionage is no surprise -- and so far, FireEye has spotted China-based threat groups which have targeted intellectual property which would help them manufacture their own aircraft and become more competitive.

While China appears to be a leading threat to players in the aviation industry, cyberattacks as a whole will likely continue to grow as a problem for the sector due to the lure of intellectual property and valuable data stored within.

Boland commented:

"The most important thing for companies in the aviation sector is to not be complacent and be aware of your threat profile so that you can plan your defense accordingly. Threat intelligence plays a vital role in this.

"It's also important that someone is accountable for cyber security who reports to the board of directors, and that cybersecurity is a board level issue. The accountability should rest at the highest level of the organization to ensure it gets the priority it needs."
