Ahead of EBACE 2019 Satcom Direct (SD) – booth W115 -the business aviation solutions provider, notes a year on year increase of attempted cybersecurity attacks on business aviation aircraft subscribed to its multi-layered Cybersecurity Threat Monitoring module. 81% of around 600 subscribed aircraft have experienced a cyber event that has been thwarted by the SD service.
In addition, the seriousness of the attempted attacks have amplified with a 54% increase in critical and high-level threats up from the same period last year. A critical threat represents activity that can affect default installations of widely deployed software resulting in the compromise of servers and devices, as well as leaving the "door open" for others with malicious intent. Trojans, viruses and operating system vulnerabilities all fall into the critical category. A high level represents a threat from web browser exploitation or malware, which can be elevated to a critical status. This type of threat can potentially cause serious long-term damage to corporate networks.
In particular SD has identified a trend that shows an increase in attacks from advance persistent threat groups such as the well-known Fancy Bear, as well as sophisticated hackers, which are often commissioned by nation states or criminal organizations to specifically targeting VIPS. Josh Wheeler, senior director of cybersecurity at SD says, "These perpetrators making particularly nasty threats invariably involve a group of black-hat hackers working in a closed network that continuously attack aircraft. This determined, networked approach is harder to mitigate, but our sophisticated threat monitoring approach combines technology with human intervention to effectively detect, block, and prevent threats."
The SD Threat Monitoring module, accessible through the SD Pro® dashboard, constantly monitors all inbound and outbound threats from some 600 tails subscribed to the 24/7 monitoring service. Delivering a real-time, centralized in-flight view of the cabin network, it makes aircraft data activity visible to flight departments and the SD cybersecurity experts. Abnormal network behavior is highlighted using a variety of threat analysis and prevention solutions, as well as human expertise. Potential threats, attacks, and intrusions are blocked before they reach the digital devices or aircraft. If a compromised device is identified in flight, threats can be blocked before they propagate to other passengers or "call home" to a perpetrator with malicious intent. Operating in real-time, the system alerts users, identifies causes, and provides remedial steps. The systems works for all level of threats from low through to critical.
"As the digitization of aviation trend continues aircraft are becoming operating systems in themselves so mitigating data risk is imperative," adds Wheeler, "Regardless of whether you are on the ground or in the air, if you can see the internet, then the internet – and the hackers – are most definitely able to see you. Altitude does not make you safe and we are encouraging existing and new customers to be prepared," adds Wheeler.