Attempted cybersecurity attacks on business aircraft are on the rise, according to Satcom Direct (SD). Of the nearly 600 business aircraft that subscribe to SD’s Threat Monitoring service, 81% have experienced a cyber event that was warded off by the service.
In addition, the seriousness of the attempted hacks has grown, with a 54% increase in critical and high-level threats compared with the same period last year. A critical threat represents activity that can affect default installations of widely deployed software, resulting in the compromise of servers and devices and leaving the door open for other hackers. Trojans, viruses and operating system vulnerabilities all fall into the critical category. A high-level threat is one from web browser exploitation or malware, which can be elevated to critical status. SD says this type of threat can cause serious long-term damage to corporate networks.
In particular, SD has identified an increase in attacks from advanced persistent threat groups and sophisticated hackers that are often commissioned to specifically target VIPs. “These perpetrators making particularly damaging threats invariably involve a group of black-hat hackers working in a closed network that continuously attack aircraft,” said Josh Wheeler, senior director of cybersecurity at SD. “This determined, networked approach is harder to mitigate, but our sophisticated threat monitoring approach combines technology with human intervention to effectively detect, block and prevent threats.”
The SD Threat Monitoring module, accessible through the SD Pro dashboard, constantly monitors all inbound and outbound threats from aircraft subscribed to the 24/7 monitoring service. Delivering a real-time, centralized inflight view of the cabin network, it makes aircraft data activity visible to flight departments and the SD cybersecurity experts. Abnormal network behavior is highlighted using a variety of threat analysis and prevention solutions, as well as human expertise. Potential threats, attacks and intrusions can be blocked before they reach the digital devices or aircraft. If a compromised device is identified in flight, threats can be blocked before they propagate to other passengers or call home to the malicious actor. Operating in real time, the system alerts users, identifies causes and provides remedial steps. The system is designed to counter all levels of threats, from low through to critical.
“As the digitization of aviation trend continues, aircraft are becoming operating systems in themselves so mitigating data risk is imperative,” said Wheeler. “Regardless of whether you are on the ground or in the air, if you can see the internet, then the internet – and the hackers – are most definitely able to see you. Altitude does not make you safe and we are encouraging existing and new customers to be prepared.”